Hi.. I've spent two weeks now logging traffic without LAN comps, only active HW and one SIEM (OSSIM w/ Snort) inspecting traffic on my network..
Now my logs show several (Snort: STUN) traffic entries, with only active HW available... I've had some interesting packets captured (apparently from my ISP, need to check those more), all are trying to get into my first LAN firewall.. Several IPs from different sources, different ports, all data saved... And my first firewall is ISP controlled, they don't react to any of my messages :(
The question is what now... Dialogue with ISP, consumer support (by law, not ISP) (not an industrial network)... Forwarding data packets to someone else (who? where?) for further analysis before suing anyone...
For example, Amazon, ISP tries to contact my first own controlled firewall... No comps online on LAN... Any suggestions where to go?
Feb 24th 2016