Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » possible security issue
  •  
beachmat

Messages: 65
Karma: 0
Send a private message to this user
I've noticed some suspect-looking entries in the security log - see below (I've changed bits of it)

Client for Web session(id=1ef29be380721351c01e8bbdf465efd4196b70bde94a54ndj idiwjd856; user=user<_at_>domain.com)changed IP address: created for IP=192.168.1.111, secure=yes, new connection from IP=62.254.168.1, secure=yes

The computer on 192.168.1.111 has Kerio client running, but not a web session, and I don't understand how the same session can change IP unless there is something like VPN happening (which there isn't), and I don't recognise the external IP. Just wondering if this is anything to be concerned about?

Thanks
  •  
freakinvibe

Messages: 1554
Karma: 62
Send a private message to this user
This is indeed strange. The IP address is owned by a company called Leach Color Limited in the UK.

https://weareleach.com/

If you would not expect a connection from this company, you can probably block this IP address on your firewall.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
beachmat

Messages: 65
Karma: 0
Send a private message to this user
Thanks for the reply. Leach are one of our clients actually, but that was not the only IP listed with these alerts. I don't understand why any external IP not in use by a registered user would be listed as having a web session (and they are not shown in active connections).
  •  
freakinvibe

Messages: 1554
Karma: 62
Send a private message to this user
I don't know that. But you normally get these entries if the IP address of the client device changes during a session. Example: Your smart phone is on Wifi, then loses the Wifi connection and switches to 4G data. This will change the IP address.

You could try to switch the following setting on, to get to the bottom of this:

"Force Kerio Connect clients to log out if the user's IP address changes"

It is under Advanced Settings > Kerio Connect Client

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: The acquisition -- I am worried
Next Topic: accented characters
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 04:42:07 CET 2017

Total time taken to generate the page: 0.00383 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.