HELLO_wORLD
Very Senior Member
Hi all,
This question is wider than just NG routers, but we have our community here.
As you may have followed, I installed an IDS system to monitor any suspect activity, and I see some packets that have a source AND a destination IP that are not on my LAN (either private or public IP).
Unfortunately, I don't have the pcap for these packets, but here is the log.
Is it a normal thing to see such packets (not specifically these, but with source and destination not on the LAN at all)?
Code:
{"timestamp":"2022-06-26T02:15:30.426516+0200","flow_id":1977470128689982,"in_iface":"enx00e04c680554","event_type":"flow","src_ip":"59.122.164.158","src_port":37282,"dest_ip":"118.5.144.243","dest_port":62691,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":42,"bytes_toclient":0,"start":"2022-06-26T02:13:07.463678+0200","end":"2022-06-26T02:13:07.463678+0200","age":0,"state":"new","reason":"timeout","alerted":false},"community_id":"1:IbdB7sne69+9JmcTOiGX5udapVQ="}
{"timestamp":"2022-06-26T06:43:29.205541+0200","flow_id":850901262365038,"in_iface":"enx00e04c680554","event_type":"flow","src_ip":"59.122.164.158","src_port":36792,"dest_ip":"92.163.137.95","dest_port":65163,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":42,"bytes_toclient":0,"start":"2022-06-26T06:41:31.356718+0200","end":"2022-06-26T06:41:31.356718+0200","age":0,"state":"new","reason":"timeout","alerted":false},"community_id":"1:H6kb5XrNeEP6vin9vxJJ3nTW7bc="}
{"timestamp":"2022-06-26T07:37:00.156285+0200","flow_id":1467693136150953,"in_iface":"enx00e04c680554","event_type":"flow","src_ip":"59.122.164.158","src_port":34301,"dest_ip":"220.202.93.106","dest_port":58597,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":42,"bytes_toclient":0,"start":"2022-06-26T07:35:01.000425+0200","end":"2022-06-26T07:35:01.000425+0200","age":0,"state":"new","reason":"timeout","alerted":false},"community_id":"1:YP8ySWXaaZ1GREWYqMN3CnyLEEQ="}
{"timestamp":"2022-06-26T08:52:36.445298+0200","flow_id":1594008413317987,"in_iface":"enx00e04c680554","event_type":"flow","src_ip":"59.122.164.158","src_port":40290,"dest_ip":"28.209.165.183","dest_port":37613,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":42,"bytes_toclient":0,"start":"2022-06-26T08:48:30.895843+0200","end":"2022-06-26T08:48:30.895843+0200","age":0,"state":"new","reason":"timeout","alerted":false},"community_id":"1:VBrsjmpK241wHG4eBFnExPagq8o="}
{"timestamp":"2022-06-26T10:07:22.039345+0200","flow_id":1410194846528738,"in_iface":"enx00e04c680554","event_type":"flow","src_ip":"59.122.164.158","src_port":28338,"dest_ip":"111.240.227.101","dest_port":63213,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":42,"bytes_toclient":0,"start":"2022-06-26T10:03:48.537826+0200","end":"2022-06-26T10:03:48.537826+0200","age":0,"state":"new","reason":"timeout","alerted":false},"community_id":"1:yU1gRLwgcjZG4lByg+vGOTNtRwk="}
{"timestamp":"2022-06-26T13:30:54.773556+0200","flow_id":91256295693721,"in_iface":"enx00e04c680554","event_type":"flow","src_ip":"59.122.164.158","src_port":25208,"dest_ip":"162.116.99.54","dest_port":57594,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":42,"bytes_toclient":0,"start":"2022-06-26T13:29:26.368025+0200","end":"2022-06-26T13:29:26.368025+0200","age":0,"state":"new","reason":"shutdown","alerted":false},"community_id":"1:VJi76Rn12meh8H6TIkXYdYB2+Oo="}