Understanding BotNet Report and Researching Deeper
Bill2024e
Newbie ✭
I just set up a new firewall on a network and:
1.) I want to make sure there isn't something inside the network already
2.) I want to understand if something outside is trying to get in, what action the firewall security services (FSS) took.
3.) I want to understand what "Remaining IPs" means
4.) I want to understand why my external IP is listed and has the biggest count
Attached is what I'm seeing (IPs have been altered to protect the innocent and guilty).
Thank you in advance
Category: Firewall Security Services
1
Answers
I've tried to find more details about the items listed in that image but don't know where/how to dig in and find more. Looking in the logs I see some but not all of the botnet attempts. My expectation would be to see all of them.
Same here… hopefully someone can answer these questions.
So "remaining IPs" means that there are too many IPs for the firewall to display (due to limits of the firewall's ability to "remember" - i.e. low memory/storage). You should be able to go to the logs and see the details. Personally, I'm using syslog to capture everything and building reports off that as the displays are pretty much useless.
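A sketch of the syslog-based report the last answer describes, added here as an example and not taken from any poster or from the firewall vendor. The key=value field names (`msg`, `src`, `dst`), the sample lines and the LAN range are assumptions; adjust them to the format your firewall actually emits.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines (documentation address ranges, assumed field names).
SAMPLE = (
    ['<134>fw msg="Botnet blocked" src=203.0.113.7 dst=192.168.1.20'] * 4
    + ['<134>fw msg="Botnet blocked" src=198.51.100.9 dst=192.168.1.20'] * 3
    + ['<134>fw msg="Botnet blocked" src=203.0.113.200 dst=192.168.1.20'] * 2
    # An inside host initiating traffic to a flagged address.
    + ['<134>fw msg="Botnet blocked" src=192.168.1.55 dst=198.51.100.77']
    + ['<134>fw msg="Connection closed" src=192.168.1.20 dst=198.51.100.1']
)

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split a key=value syslog line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def botnet_report(lines, lan="192.168.1.0/24", top_n=2):
    """Count botnet events per remote IP and list LAN hosts that initiated any."""
    lan_net = ipaddress.ip_network(lan)  # assumed internal range
    by_remote, inside_initiated = Counter(), Counter()
    for line in lines:
        f = parse(line)
        if "botnet" not in f.get("msg", "").lower():
            continue
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete entry
        if src in lan_net:
            # Traffic started inside the network: the host itself needs a look.
            inside_initiated[str(src)] += 1
            by_remote[str(dst)] += 1
        else:
            by_remote[str(src)] += 1
    top = by_remote.most_common(top_n)
    return {
        "top": top,
        # Everything the top-N view leaves out, kept in full instead of collapsed.
        "remaining_ips": len(by_remote) - len(top),
        "remaining_events": sum(by_remote.values()) - sum(c for _, c in top),
        "inside_initiated": dict(inside_initiated),
    }

if __name__ == "__main__":
    print(botnet_report(SAMPLE))
```

Because the full per-IP counter is kept, nothing is folded into a "remaining" bucket unless you ask for a top-N view, and the `inside_initiated` list addresses the first question in the original post.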