Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Port Scan Attack

Created: 22 Aug 2012 | 11 comments

I have a problem on blocked sites on my firewall, it says that the reason is "port scan attack". on our office the firewall blocks several PC's/IP.
Please help on how to solve this problem.

Discussion Filed Under:

Comments 11 CommentsJump to latest comment

Ashish-Sharma's picture

What sep version are you using ?

"Port Scan Attack!!!" log entry for the Symantec Firewall/VPN Appliance explained

http://www.symantec.com/business/support/index?page=content&id=TECH80213

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

is it a valid ip?

internal or extrenal?

ITintern2012's picture

we have computers in a network with watchguard xtm505 firewall,
most of computers inside the office is being blocked; reason os: port scan attack..
then i manually unblock them from firewall manager..is there any solution to that?. i really need help. I dont have any idea on how to solve this

 

Fabiano.Pessoa's picture

look Friend

You have 2 options.

You Disables pa SSH port of your AP
Or you Muda Gate.

Example: Porta22, you colaca Port: 122

Here I had many attempts tmb invasion.

I changed the doors snifer ended.

I hope I helped

Fabiano Pessoa

Systems Analyst - Forensic Expert

Fabiano.Pessoa's picture

replace doors, as if it is being done with NMAP qe is likely, he can circumvent the firewall, and no safe solution that except when you study it thoroughly and can circumvent the very NMAP

Fabiano Pessoa

Systems Analyst - Forensic Expert

pete_4u2002's picture

do not set to block. let it be informative. if the attack is from outside then block the traffic

Fabiano.Pessoa's picture

If the attacker renew ip, no good block, best option is to replace the doors.
better yet make a SCNA port on your pc with nmap-sV [ip] check their doors open and change.

doors open is not a sign of vulnerability, but it can be exploited.
the best recommendation is to replace the doors. example, the command nmap-sF-g 53 [ip] can brular any firewall, but if the doors are exchanged, complicates the job of the striker, if he commit yet, do an audit because the attack is someone you know.

hugs

Fabiano Pessoa

Systems Analyst - Forensic Expert

Fabiano.Pessoa's picture

your product to latest built with all features (AV/AS / PTP /NTP )
 
Till date releases
 
http://bit.ly/m0vOJp
 
Your windows machine should be well updated with microsoft patches.
 

Fabiano Pessoa

Systems Analyst - Forensic Expert

Ashish-Sharma's picture
 
Hi ITintern2012.
 
Do you have received solution.

If issue is resolved then please mark this thread as a solved.

 

Thanks In Advance

Ashish Sharma

 

 

avi.gawari's picture

 

By default, the Symantec Firewall/VPN Appliances (all models) prevent all access initiated from outside the protected network. Any outbound requests originating inside the protected network are allowed through the firewall, and inbound responses to these requests are passed back to the requestor. In this default state, any traffic that is directed at the external (public, or Internet-facing) interface of the SFVPN, is blocked.

If you configure the Virtual Server or Custom Virtual Server functions of the firewall, inbound traffic is allowed through on the ports you specify, and traffic is sent to the computers you specify.

In either scenario, the "Port Scan attack" log entry appears any time that there is inbound traffic to ports not specifically allowed to the external interface of the firewall. These notifications are informative and should not cause concern.

you can use ''http://flyproxy.com'' for teporary to visit the site which is blocked by firewall.. its may be work..