Hi,
Lately we have been seeing a lot of snort blocks of traffic which seems to be 'reversed'. With no specific NAT rules configured it seems that internet hosts are able to reach internal clients on specific ports. For example:
Source: 84.54.51.37:49716 Destination: 192.168.x.222:80 TP-Link Archer Router command injection attempt
How is this possible? Is the reporting wrong maybe?
Thanks,
Frank
