You don't say if the proxy server has a routable IP address, or if it's
an RFC1918 address. If it's a routable IP address, (even if it's behind
the firewall) then your ISP may be routing the packet to the
external interface of your firewall.
How could someone find out about this proxy address? Possibly someone
with a laptop that normally runs inside your firewall could be taking that
laptop out to the Internet, but possibly forgetting to reconfigure the browser
to not use the proxy. If that IP address routes to the firewall, it will log
and drop it, but this may not be a security event.
Other possibilities is that someone is trying to pass traffic through a
SecuRemote connection, but that traffic somehow isn't being encrypted...
HTH
Steve
[EMAIL PROTECTED] wrote:
> I noticed something VERY strange in my logs this morning. I have a packet
> who's source is 166.82.81.234 with destination being my proxy server, trying
> to use service 4024. The packet was rejected but I don't understand HOW the
> destination address can be the IP address of my proxy server. I am doing a
> HIDE NAT from my LAN to the Internet.
>
> Anyone have any ideas?
>
> Damir Matanic
> Chicago
> >
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
Steven Lee, CISSP (206) 762-4000 x104
Senior Network Security Engineer (206) 762-4400 FAX
AVCOM Technologies, Inc. (800) 817-9525 Pager
4636 E Marginal Way S, Ste B-100 http://www.avcom.com
Seattle, WA 98134-2383 mailto:[EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
