[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Port scanning

Posted on 2007-11-14
4
Medium Priority
?
269 Views
Last Modified: 2013-12-04
Lately Im getting tons of Possible port scan dropped messages from one of my remote firewalls.

It looks like somebody is scanning my firewall port by port. What is really strange is that one of the addresses where the scanning is coming from is the address of my SSL VPN???!!!

People in that office use this  SSL VPN once in a while to connect to a Terminal Server in the main office.

Here is an example of a message:

11/14/2007 04:00:29.560 -       Possible port scan dropped -       xxx.xxx.xx.xx(ssl vpn address), 443, WAN -       zzz.zzz.z.zz(remote office IP address), 31691, WAN -       TCP scanned port list, 31685, 31687, 31693, 31695, 31689

Any help would be appreciated.

Thanks!
0
Comment
Question by:adrian1976
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:batry_boy
batry_boy earned 400 total points
ID: 20285957
When you say it's coming from the address of your SSL VPN, is it the assigned IP address of a client being used to access the SSL VPN?  Please clarify...
0
 
LVL 2

Accepted Solution

by:
tryokane earned 1600 total points
ID: 20286226
Does any of ur programs run through that port?
0
 

Author Comment

by:adrian1976
ID: 20286278
Thank you for your answers!

When I'm saying the SSL VPN IP address, I'm talking about the public IP address of the device. The device is on the DMZ of the main firewall and is used by remote users to access a terminal server.

For tryokane:

Which port, 443 or 31691?
443 is the port for the secured VPN. 31691 is not in use. The scanning is not only on this port. Every time is a different port.

Thanks!
0
 
LVL 2

Expert Comment

by:tryokane
ID: 20343053
it's hard to tell since we all don't really have control over the client computers and might be a possibility that certain background programs are doing a port scan on the firewall.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question