"Port Scan Attack!!!" log entry for the Symantec Firewall/VPN Appliance explained

Article:TECH80213  |  Created: 2002-01-26  |  Updated: 2002-01-30  |  Article URL http://www.symantec.com/docs/TECH80213
Article Type
Technical Solution


Issue



You are examining the firewall log file and see several entries that say, "Port Scan Attack!!!" You want more information on these entries.


Solution



By default, the Symantec Firewall/VPN Appliances (all models) prevent all access initiated from outside the protected network. Any outbound requests originating inside the protected network are allowed through the firewall, and inbound responses to these requests are passed back to the requestor. In this default state, any traffic that is directed at the external (public, or Internet-facing) interface of the SFVPN, is blocked.

If you configure the Virtual Server or Custom Virtual Server functions of the firewall, inbound traffic is allowed through on the ports you specify, and traffic is sent to the computers you specify.

In either scenario, the "Port Scan attack" log entry appears any time that there is inbound traffic to ports not specifically allowed to the external interface of the firewall. These notifications are informative and should not cause concern.





Legacy ID



2002082610505254


Article URL http://www.symantec.com/docs/TECH80213


Terms of use for this information are found in Legal Notices