LAN to WAN Attack in Secureport

Secureport shows an "Attack" with the Source address being one of my internal workstations (192.168.nnn.nnn), and the destination a WAN address: 138.201.57.222.

I am not able to identify the purpose of the connection to 138.201.57.222
Nor can I identify why Zyxel considers the connection an "Attack".

How do I find out why is this considered an "Attack"?
What is 138.201.57.222?

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    edited August 2021
     
    Welcome to Zyxel community.
    You can refer to the below forum discussion link:
    The cause is that the session was initiated by the host (192.168.nnn.nnn) on your LAN side and
    accessed the data from the destination WAN IP(138.201.57.222), 
    then Zyxel UTM engine identified this behavior might be a malicious attack so blocked it.
    You can check it belongs to which attack type on the category item such as ADP, IDP, etc.
    You may provide the screenshot to us. Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

Security Highlight