• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 200
  • Last Modified:

Internet requests filling firewall logs

I have taken over a site a few months ago of which I have installed a firewall on, reading through the firewall logs there are hundreds of requests for port 135, 139, 445, 1026 and a few other ports all from different ip's

I had planned to open up 443 for owa over ssl but am reluctant due to the amount of access blocks logged in the firewall from outside ip's. Is this normal can anything  be done other than asking there isp for a new static ip and also should I be concerned about opening 443 under these circumstances

Thanks
0
Sid_F
Asked:
Sid_F
2 Solutions
 
Cyclops3590Commented:
won't help.  those are standard ports you listed that hackers scan for.  I have a ton of them on my firewall logs too.  you can change IPs if you wish, but it should take long before you get them again.  

for what the ports are generally used for look at this url

http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
0
 
Leon FesterCommented:
What Cyclops said is 100% correct.

But you should not be too concerned about publishing port 443. If you're going to use SSL, and port 443, then you're already placing a level of trust in your site certificates. With OWA you can enable a various levels of SSL enforced security, including how invalid certificates are being handle. I don't know of any incidents where a SSL ports has been compromised after just a few port scans. It does take awhile to break 128-bit encryption.

Port scans are quite common on all internet facing firewalls these days.

You could try disabling ICMP requests to you external IP, as some programs will first test if the server is up and replying to a ping request before attemping a port scan.
0
 
Sid_FAuthor Commented:
Thanks
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now