Solved

Port scanning

Posted on 2007-11-14
4
263 Views
Last Modified: 2013-12-04
Lately Im getting tons of Possible port scan dropped messages from one of my remote firewalls.

It looks like somebody is scanning my firewall port by port. What is really strange is that one of the addresses where the scanning is coming from is the address of my SSL VPN???!!!

People in that office use this  SSL VPN once in a while to connect to a Terminal Server in the main office.

Here is an example of a message:

11/14/2007 04:00:29.560 -       Possible port scan dropped -       xxx.xxx.xx.xx(ssl vpn address), 443, WAN -       zzz.zzz.z.zz(remote office IP address), 31691, WAN -       TCP scanned port list, 31685, 31687, 31693, 31695, 31689

Any help would be appreciated.

Thanks!
0
Comment
Question by:adrian1976
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:batry_boy
batry_boy earned 100 total points
ID: 20285957
When you say it's coming from the address of your SSL VPN, is it the assigned IP address of a client being used to access the SSL VPN?  Please clarify...
0
 
LVL 2

Accepted Solution

by:
tryokane earned 400 total points
ID: 20286226
Does any of ur programs run through that port?
0
 

Author Comment

by:adrian1976
ID: 20286278
Thank you for your answers!

When I'm saying the SSL VPN IP address, I'm talking about the public IP address of the device. The device is on the DMZ of the main firewall and is used by remote users to access a terminal server.

For tryokane:

Which port, 443 or 31691?
443 is the port for the secured VPN. 31691 is not in use. The scanning is not only on this port. Every time is a different port.

Thanks!
0
 
LVL 2

Expert Comment

by:tryokane
ID: 20343053
it's hard to tell since we all don't really have control over the client computers and might be a possibility that certain background programs are doing a port scan on the firewall.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jump server vs push server 6 150
ASA Deny No Connection PSH ACK, Traffic is dropped 10 66
Firewall port opening 2 58
RDP Sonicwall 8 66
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Edureka is one of the fastest growing and most effective online learning sites.  We are here to help you succeed.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now