I am seeing a strange alert message in my firewall
log. The destination IP was not the internal IP
address, but somehow the firewall had a log entry for it.
Details of the entry are below:


:
:
Type: alert
Action: accept
Services: tcp-high-ports 
Sources: 13.10.226.1
Destination: 194.13.10.250
Protocol: TCP
Rule: 2883584
Source Port: tcp-high-ports
:
:
xlate_src: 0.16.13.10
xlate_dst: 226.1.194.172
xlate_sports: 270209280
xlate_dports: 11335936
Info: VPN-1 & Firewall-1 module len-1392967680


Note the large rule number (I don't have that many
rules!), len, source port, and destination port
numbers. There was also no such NAT rule on the
firewall to translate into the two addresses.

Could this be a possible attack? 

The version of FW1 is 4.1 patch with SP2, running on
Solaris 2.6.

Please help. Thanks. 





