Comments

  • Interestingly, such traffic stopped showing up. I wonder if the tunnel remained open after the authentication timed out or failed for a user. I'll post screenshots if I see this again but the source ip was in the same subnet as the SSLVPN range. The destinations were all domain controllers. The ports included ldap and…