I've recently installed a new Sonicwall Pro-VX and successfully implemented it into my network. My company's T1 line comes into a Cisco 2500 router and then directly into the WAN port on the Sonicwall.
My log file on the Sonicwall is showing some pretty dedicated and regular port scanning, by Source IP:
I've run some basic checks on that IP and found it to be on "blackmajick.net", which has been blacklisted by a few antispam sites and shows up on various security warning sites.
There's a flurry of activity (and 5 or 6 entries in the Sonicwall log) about every 8 minutes.
From what I understand, physically having the Sonicwall in place does protect me from the port scanning itself, but all those attempts fill up my log files and (to be honest) make me feel a bit victimized... especially because I head to www.blackmagick.net and see a bunch of stuff related to IRC scripts and photos of pimply teenagers.
Is it possible for me to set up either my router or my Sonicwall to completely block or ignore any and all traffic coming from that IP? I'm not a complete expert on the Cisco IOS but I can follow instructions well, and there doesn't appear to be much in the router's config file - no access lists, etc. Is there another thing I should consider trying?
In the SonicWall logs, I also regularly see "ICMP packet dropped [router public IP addy], 5, WAN [SW public IP addy], 5, WAN 'Route Redirect'". I don't think that's related to my port scanning issue, but the two log entries do seem to show up with the same regularity, and Sonicwall's tech support site says something generic like "because of a misconfigured router".