Source of scan

Posted on 2005-04-20
Last Modified: 2008-01-09
My sonic firewall log has this entry "Probable TCP NULL scan dropped". The source is from our off-site office which has 20 computers (mix of W98 & XP). How can I determine which computer is doing the scan? I have (current) CA antivirus program running on all computers.
Question by:eliallen
    LVL 8

    Accepted Solution

    Do you have access or remote access to the other network? I assume the computers in the offsite office are all behind a router / firewall. You're going to need to sniff the network at the remote site. Alternatively, can you telnet into that router and dump its logs? If logging is enabled on it, it should show you a routing table with time stamps which would correspond to your logfiles...


    LVL 12

    Assisted Solution

    Or if you are doing NAT on the other end, it's a bit difficult to guess until and unless the log files are stored... It could be someone seriously trying to have some fun... or even the error with firewall interpretation can't be ruled out...
    As mugman21 mentioned, if you can listen to the remote traffic or sniff there continuously, it may be possible to find out the culprit...
    Or enable logging on the NAT device and make sure the time is synced to NTP so you can correlate with the event.
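Added example, not part of the original thread: one way to act on the sniffing advice in both answers is to capture on the LAN side of the remote router (before NAT, so internal addresses are still visible) and count TCP segments with no flags set per source host. The function names, MAC addresses and IP addresses below are constructed for illustration.

```python
import struct
from collections import Counter

def null_scan_sources(frames):
    """Count flagless TCP segments per (source MAC, source IP) in raw Ethernet frames."""
    hits = Counter()
    for frame in frames:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 (VLAN-tagged frames are not handled here)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4  # IPv4 header length, options included
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
            continue  # malformed header or not TCP
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue  # non-first fragment: carries no TCP header
        tcp = ip[ihl:]
        if len(tcp) < 14:
            continue  # cut off before the flags byte
        if tcp[13] & 0x3F == 0:  # URG, ACK, PSH, RST, SYN, FIN all clear
            mac = ":".join(f"{b:02x}" for b in frame[6:12])
            src = ".".join(str(b) for b in ip[12:16])
            hits[(mac, src)] += 1
    return hits

def make_frame(src_mac, src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left at zero) for the sample."""
    eth = bytes.fromhex("0200000000ff") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

# Constructed sample capture: one host browsing normally, one sending flagless probes.
SAMPLE = [
    make_frame("0200000000a1", "192.168.1.21", "203.0.113.10", 40000, 80, 0x02),  # SYN
    make_frame("0200000000b2", "192.168.1.34", "203.0.113.10", 40001, 22, 0x00),  # no flags
    make_frame("0200000000b2", "192.168.1.34", "203.0.113.10", 40002, 23, 0x00),  # no flags
    make_frame("0200000000a1", "192.168.1.21", "203.0.113.10", 40000, 80, 0x10),  # ACK
]

if __name__ == "__main__":
    for (mac, ip_addr), count in null_scan_sources(SAMPLE).items():
        print(f"{ip_addr} ({mac}): {count} flagless TCP segments")
```

The source MAC is reported alongside the IP because on a DHCP network the address may have moved to another machine by the time the capture is reviewed.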

    Author Comment

    Thanks, I think it was an error in the firewall.
