Port Scan Attack
Created: 22 Aug 2012 | 11 comments
I have a problem with blocked sites on my firewall; it says that the reason is "port scan attack". In our office the firewall blocks several PCs/IPs.
Please help on how to solve this problem.
What SEP version are you using?
"Port Scan Attack!!!" log entry for the Symantec Firewall/VPN Appliance explained
http://www.symantec.com/business/support/index?page=content&id=TECH80213
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Is it a valid IP?
Internal or external?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
We have computers in a network with a WatchGuard XTM505 firewall.
Most of the computers inside the office are being blocked; reason is: port scan attack.
Then I manually unblock them from the firewall manager. Is there any solution to that? I really need help. I don't have any idea how to solve this.
Look, friend,
You have 2 options.
You disable the SSH port of your AP.
Or you change the port.
Example: port 22, you put port 122.
Here I also had many invasion attempts.
I changed the ports and the sniffer ended.
I hope I helped.
Fabiano Pessoa
Systems Analyst - Forensic Expert
Replace the ports, because if it is being done with Nmap, which is likely, he can circumvent the firewall, and there is no safe solution to that except when you study it thoroughly and can circumvent Nmap itself.
Fabiano Pessoa
Systems Analyst - Forensic Expert
Do not set it to block. Let it be informative. If the attack is from outside, then block the traffic.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
If the attacker renews the IP, blocking is no good; the best option is to replace the ports.
Better yet, run a port scan on your PC with nmap -sV [ip], check its open ports and change them.
Open ports are not a sign of vulnerability, but they can be exploited.
The best recommendation is to replace the ports. For example, the command nmap -sF -g 53 [ip] can bypass any firewall, but if the ports are changed, it complicates the job of the attacker; if he still does it, do an audit, because the attack is from someone you know.
Hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert
your product to latest built with all features (AV/AS / PTP /NTP )
Till date releases
http://bit.ly/m0vOJp
Your Windows machine should be well updated with Microsoft patches.
Fabiano Pessoa
Systems Analyst - Forensic Expert
Hi, check the attached article:
"Port Scan Attack!!!" log entry for the Symantec Firewall/VPN Appliance explained
http://www.symantec.com/business/support/index?page=content&id=TECH80213
Check this thread
https://www-secure.symantec.com/connect/forums/port-scan-attack-logged
https://www-secure.symantec.com/connect/forums/port-scan-attack-blocking-3-5-every-minute
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
If the issue is resolved, please mark this thread as solved.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
By default, the Symantec Firewall/VPN Appliances (all models) prevent all access initiated from outside the protected network. Any outbound requests originating inside the protected network are allowed through the firewall, and inbound responses to these requests are passed back to the requestor. In this default state, any traffic that is directed at the external (public, or Internet-facing) interface of the SFVPN, is blocked.
If you configure the Virtual Server or Custom Virtual Server functions of the firewall, inbound traffic is allowed through on the ports you specify, and traffic is sent to the computers you specify.
In either scenario, the "Port Scan attack" log entry appears any time that there is inbound traffic to ports not specifically allowed to the external interface of the firewall. These notifications are informative and should not cause concern.
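The internal-or-external question asked earlier in the thread, combined with the explanation above of what triggers the entry, can be turned into a quick log triage. This is an added example, not part of the original thread or of any vendor's tooling; the log layout, the RFC 1918 definition of "internal", the port threshold and the verdict labels are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in an assumed "time src dst dport reason" layout.
# Real firewall exports differ; adapt the field positions to yours.
SAMPLE_LOG = """\
2012-08-22T09:14:01 192.168.1.23 10.0.0.5 21 port_scan_attack
2012-08-22T09:14:01 192.168.1.23 10.0.0.5 22 port_scan_attack
2012-08-22T09:14:02 192.168.1.23 10.0.0.5 23 port_scan_attack
2012-08-22T09:14:02 192.168.1.23 10.0.0.5 135 port_scan_attack
2012-08-22T09:14:03 192.168.1.23 10.0.0.5 445 port_scan_attack
2012-08-22T09:15:10 192.168.1.40 203.0.113.10 443 port_scan_attack
2012-08-22T09:15:40 192.168.1.40 203.0.113.10 443 port_scan_attack
2012-08-22T09:16:00 198.51.100.7 203.0.113.10 22 port_scan_attack
2012-08-22T09:16:05 198.51.100.7 203.0.113.10 3389 port_scan_attack
2012-08-22T09:17:00 not-an-ip 203.0.113.10 80 port_scan_attack
2012-08-22T09:18:00 192.168.1.50 203.0.113.10 80 allowed
"""

# Assumption: "internal" means an RFC 1918 source address.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in INTERNAL_NETS)

def triage(log_text, port_threshold=4):
    """Map each flagged source to (origin, distinct ports, verdict)."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[4] != "port_scan_attack":
            continue
        try:
            internal, port = is_internal(fields[1]), int(fields[3])
        except ValueError:
            continue  # skip lines with an unparsable address or port
        ports[(fields[1], internal)].add(port)
    result = {}
    for (src, internal), seen in ports.items():
        if not internal:
            verdict = "informational"   # outside traffic to a closed port
        elif len(seen) >= port_threshold:
            verdict = "inspect host"    # one PC touching many distinct ports
        else:
            verdict = "review rule"     # repeated hits on a single service
        result[src] = ("internal" if internal else "external", len(seen), verdict)
    return result

if __name__ == "__main__":
    for src, row in triage(SAMPLE_LOG).items():
        print(src, *row)
```

An internal source flagged for a single port is more likely ordinary application traffic tripping the rule than a scan, which is why it is separated from a host that touches many ports.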
You can use http://flyproxy.com temporarily to visit the site which is blocked by the firewall. It may work.