• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 271
  • Last Modified:

Port scanning

Lately Im getting tons of Possible port scan dropped messages from one of my remote firewalls.

It looks like somebody is scanning my firewall port by port. What is really strange is that one of the addresses where the scanning is coming from is the address of my SSL VPN???!!!

People in that office use this  SSL VPN once in a while to connect to a Terminal Server in the main office.

Here is an example of a message:

11/14/2007 04:00:29.560 -       Possible port scan dropped -       xxx.xxx.xx.xx(ssl vpn address), 443, WAN -       zzz.zzz.z.zz(remote office IP address), 31691, WAN -       TCP scanned port list, 31685, 31687, 31693, 31695, 31689

Any help would be appreciated.

Thanks!
0
adrian1976
Asked:
adrian1976
  • 2
2 Solutions
 
batry_boyCommented:
When you say it's coming from the address of your SSL VPN, is it the assigned IP address of a client being used to access the SSL VPN?  Please clarify...
0
 
tryokaneCommented:
Does any of ur programs run through that port?
0
 
adrian1976Author Commented:
Thank you for your answers!

When I'm saying the SSL VPN IP address, I'm talking about the public IP address of the device. The device is on the DMZ of the main firewall and is used by remote users to access a terminal server.

For tryokane:

Which port, 443 or 31691?
443 is the port for the secured VPN. 31691 is not in use. The scanning is not only on this port. Every time is a different port.

Thanks!
0
 
tryokaneCommented:
it's hard to tell since we all don't really have control over the client computers and might be a possibility that certain background programs are doing a port scan on the firewall.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now