Scan traffic from Germany

petru_garstea
Contributor II

Hi Bell,
There is a huge number of network flows originating from Germany. Basically, these flows are scanning the router.

I issued a few abuse emails against the ISP who owns the IP block but I have never received any replies.

Can Bell do anything, for instance warn the ISP from which these flows originate?


Accepted Solutions

petru_garstea
Contributor II

Greetings @Vanadiel 

This information is exported by a PF firewall from a custom router and the report is generated by Graylog.

These are flows collected over the last week; they show the amount of traffic blocked by the firewall.

When I rebooted the firewall, it got another IP and the amount of blocked traffic was reduced.

Regards

2 REPLIES

Vanadiel
Community All-Star

Looks like Ubiquiti information. Could be legitimate traffic to a client. Typically scans are only small amounts of data, and that looks like large amounts of data compared to the rest of the clients.

If it's Ubiquiti you should be able to see a list of clients, and the corresponding amount of data transfer and type.

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.
