Hi, I'm going to monitoring the traffic on my Zywall firewall and I've got some strange results... WAN to LAN it's completely closed except for some ports (in detail: ultravnc 5500,RDP 3389,telnet 23,SSH,HTTP,FTP (20 and 21), SMTP). In Zywall "System reports" I see something strange:
1 TCP(Protocol:6, port:51097) Incoming 2184 (Mbytes) 2 TCP(Protocol:6, port:54749) Incoming 1789 (Mbytes) 3 TCP(Protocol:6, port:51782) Incoming 1620 (Mbytes) 4 TCP(Protocol:6, port:54580) Incoming 1604 (Mbytes) 5 TCP(Protocol:6, port:1736) Incoming 1349 (Mbytes) 6 TCP(Protocol:6, port:47544) Incoming 1222 (Mbytes) 7 TCP(Protocol:6, port:38872) Incoming 1165 (Mbytes)and so on... a lot of bytes from WAN to LAN. Watching others reports, I understand that the traffic seems to be directed to a Linux server (it's a web mail server... and nothing else!) cause the amount of traffic for this server is equivalent to the sum of the singles ports entry.
Now I don't undestand:
1) how the packets enter? Or they are dropped by the firewall and they are only showed by firewall? 2) What kind of traffic is it? It's seems to be P2P traffic ??? 3) It's correct my deduction that this traffic is redirected to mail server or it's not the truth?Tanks guys, and sorry for my terrible english ; )