Endpoint Protection

  • 1.  Frequent Port Scans from similar IP address

    Posted Nov 24, 2014 12:05 PM

    I am not very experienced with web security. I am port scanned on a regular basis by frequently recurring IP addresses with severity "10". I tried to backtrace (which is successful sometimes) and "who-is", which is never successful. Fortunately Symantec is blocking these. Where do I go from here? Should I change IP? Any insight? I have a log of this, but Endpoint exports it as a txt file that this forum can't upload for some reason. Thanks for any help.

     



  • 2.  RE: Frequent Port Scans from similar IP address

    Posted Nov 24, 2014 12:06 PM

    Check the security log on the client; it will show the source. Technically, the port scans themselves are not blocked, but if you turned on active response in the firewall policy, it will block the source IP for "x" time that you set.

    Automatically blocking connections to an attacking computer



  • 3.  RE: Frequent Port Scans from similar IP address

    Posted Nov 24, 2014 01:53 PM

    If possible, post a screenshot.