An attack Wan to Lan on Zywall 5

cicco · February 2018

Good morning,
in my windows active directory, some users are disabled as if someone tried to force the password. I thought of an attack from the outside. I have a Zywall 5 and some public ip. The NAT (M-1) output is enabled for all clients from 192.168.1.1 to 192.168.1.255 on a public ip y.y.y.10 and for a machine I have a NAT 1-1 from 192.168.1.11 to y.y.y.11. I've always had attempts to access Wan to Wan to ip y.y.y.11 over the years. Now, in the firewall logs I see Wan to Lan attempts from some ip to 192.168.1.11. I do not understand how it's possible to see an ip of the lan from the outside. Can you help me?
Cicco

#Biz_Security_February

Jeremylin · March 2018

The log should show remote user's Wan IP to Zywall5's Wan IP not Lan IP.
Could you show me the screenshot of this case for checking. I think you need to hide part of IP information for security reason:)

An attack Wan to Lan on Zywall 5

All Replies

Categories

Security Highlight

Security Help Center