I've got a low number rule that blocks a few Class-C ranges from getting
to my mail server (webmail)
Web (HTTP) 217.224.202.1 - 217.224.207.255
(WAN)
192.168.1.3 (LAN)
The mail server has several different logs and one shows port 80
traffic, Here is part of yesterdays
20020425 012325 217.224.202.203,
Mozilla/4.0 (compatible; MSIE 4.01; Windows 95),
http://straight.wethost.com,
GET
http://www.klick4geld.de/cgi-bin/klick4geld.pl?banner=woxstraight
HTTP/1.0
20020425 012325 217.224.202.203, Mozilla/4.0 (compatible; MSIE 4.01; Windows 95), http://straight.wethost.com, GET http://www.klick4geld.de/cgi-bin/klick4geld.pl?banner=woxstraight HTTP/1.0
I'm trying to figure out what these kiddies are doing, the IP is from Deutsche Telekom AG.
My main concern is why the rule above is not stopping HTTP traffic.
Ideas? John T and Todd H: Do you see this in your Wxyz.log ??
Chris
- Re: [SonicWALL]- Blocking Class-C ranges Chris Hunt
- Re: [SonicWALL]- Blocking Class-C ranges James ( in Texas )
- Re: [SonicWALL]- Blocking Class-C ranges Chris Hunt
