2600 Router, SRM 1.3.1
When I turn off or disable the router's Firewall, the Malicious Events drop by 26X! Why?
This investigation started when I noticed a significant increase in Malicious Events when I add Firewall rules to block all countries except the U.S.
The ME graph below shows a sequence of Firewall rules starting with
1) NO Country blocks,
2) BLOCK ALL
3) COUNTRIES BUT the U.S.,
4) NO COUNTRY BLOCKS, and finally,
5) FIREWALL DISABLED.
The last step, 5, emphasizes the significance of the Firewall's relationship with Malicious Events.
I counted the ME for the 8 hours before and 8 hours after NO FIREWALL, shown as the last section in the graph below.
131 MEs with Firewall and 5 Events without Firewall. A 26X reduction.
Is there a problem with the security design of this router?