Below is a sample of the type of messages I'm getting:
TCP srcIP: 192.168.1.4 dstIP: 17.149.36.235 srcPort:50754 dstPort: 5223 dropped - violation of security policy
TCP srcIP: 192.168.1.4 dstIP: 98.138.88.107 srcPort:50835 dstPort: 143 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP:202.116.160.171 type: 3 code: 3 dropped - violation of security policy
TCP srcIP: 192.168.1.4 dstIP: 17.149.37.64 srcPort:50928 dstPort: 5223 dropped - violation of security policy
TCP srcIP: 192.168.1.103 dstIP: 74.125.224.181 srcPort:50090 dstPort: 443 dropped - violation of security policy
TCP srcIP: 192.168.1.103 dstIP: 199.204.20.100 srcPort:50327 dstPort: 80 dropped - violation of security policy
TCP srcIP: 192.168.1.103 dstIP: 199.204.20.100 srcPort:50329 dstPort: 80 dropped - violation of security policy
TCP srcIP: 192.168.1.103 dstIP: 199.204.20.100 srcPort:50331 dstPort: 80 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 41.239.3.116 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 208.54.86.255 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 96.40.147.243 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 89.249.244.138 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 41.92.52.6 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 77.31.247.224 type: 3 code: 3 dropped - violation of security policy
TCP srcIP: 192.168.1.89 dstIP: 204.9.163.166 srcPort:49522 dstPort: 80 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 69.203.83.132 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 69.138.232.116 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 96.3.109.72 type: 3 code: 3 dropped - violation of security policy
TCP srcIP: 192.168.1.89 dstIP:209.208.241.213 srcPort:49389 dstPort: 80 dropped - violation of security policy
TCP srcIP: 192.168.1.89 dstIP:209.208.241.213 srcPort:49389 dstPort: 80 dropped - violation of security policy
TCP srcIP: 192.168.1.6 dstIP:209.208.241.212 srcPort: 2541 dstPort: 80 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 174.147.206.6 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 69.137.71.184 type: 3 code: 3 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP: 2.25.74.93 type: 3 code: 3 dropped - violation of security policy
If I interpret this correctly, various IPs on the network are generating traffic to external sites that is being stopped by the Netopia for some security violation. Glad the Netopia is stopping the traffic. However, I'm trying to determine if there is a problem that needs to be resolved. Despite the messages, the PCs on the local network aren't showing any obvious signs of an issue. The PCs are running anti-virus software and additional malware scans have been done. Neither has turned up any issues.
Questions:
• How can I determine specifically what security policy has been violated? The Netopia documents I've located don't detail the security policies, nor do they explain these messages.
• It's not clear how this traffic is being generated. Some of the destination addresses are associated with known entities like Apple, Microsoft, etc. If this is legit traffic, why is it being dropped?
• On the other hand, some traffic is associated with IPs in China, Egypt and other destinations that I wouldn't expect. In particular, the third entry (see bolded) indicates 192.168.1.254 (which is the Netopia) had traffic dropped that was intended for 202.116.160.171, which is in China, according to Ipillion. How is it that the Netopia is generating this type of traffic?
Would appreciate any help or suggestions.
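A small triage helper for messages in the format quoted above, added here as an example (not the poster's code or anything shipped with the Netopia): it parses each drop record, groups them per internal source host by protocol/destination port or ICMP type/code, and counts the ICMP type 3 (destination unreachable) records, which are replies a router emits in response to packets it received rather than connections it initiates. The sample lines are constructed from the post, and the field layout (including the inconsistent spacing after `dstIP:` and `srcPort:`) is assumed to match the device's actual output.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the messages quoted in the post.
SAMPLE_LOG = """\
TCP srcIP: 192.168.1.4 dstIP: 17.149.36.235 srcPort:50754 dstPort: 5223 dropped - violation of security policy
ICMP srcIP: 192.168.1.254 dstIP:202.116.160.171 type: 3 code: 3 dropped - violation of security policy
TCP srcIP: 192.168.1.103 dstIP: 199.204.20.100 srcPort:50327 dstPort: 80 dropped - violation of security policy
TCP srcIP: 192.168.1.89 dstIP:209.208.241.213 srcPort:49389 dstPort: 80 dropped - violation of security policy
"""

# \s* after each label tolerates "dstIP:202..." and "srcPort:50754" as well as "dstPort: 80".
LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP)\s+srcIP:\s*(?P<src>[\d.]+)\s+dstIP:\s*(?P<dst>[\d.]+)\s+"
    r"(?:srcPort:\s*(?P<sport>\d+)\s+dstPort:\s*(?P<dport>\d+)"
    r"|type:\s*(?P<type>\d+)\s+code:\s*(?P<code>\d+))\s+dropped - (?P<reason>.+)$"
)


def parse_line(line):
    """Return a dict of fields for one drop record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "type", "code"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def summarize(text):
    """Group drops per source host; also count ICMP type 3 (destination unreachable) replies.

    ICMP type 3 code 3 is 'port unreachable' (RFC 792): a response to an incoming packet,
    so such records from the router address are reply traffic, not outbound connections.
    """
    by_src = defaultdict(Counter)
    icmp_unreachable = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not drop records
        if rec["proto"] == "ICMP":
            key = f"icmp type {rec['type']} code {rec['code']}"
            if rec["type"] == 3:
                icmp_unreachable += 1
        else:
            key = f"{rec['proto'].lower()}/{rec['dport']}"
        by_src[rec["src"]][key] += 1
    return dict(by_src), icmp_unreachable
```

Running `summarize` over a full day of the log shows which internal hosts account for the TCP drops and which destination ports they target, which is the first thing to check before assuming a host is compromised.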