Solved

Port scanning

Posted on 2007-11-14
4
265 Views
Last Modified: 2013-12-04
Lately Im getting tons of Possible port scan dropped messages from one of my remote firewalls.

It looks like somebody is scanning my firewall port by port. What is really strange is that one of the addresses where the scanning is coming from is the address of my SSL VPN???!!!

People in that office use this  SSL VPN once in a while to connect to a Terminal Server in the main office.

Here is an example of a message:

11/14/2007 04:00:29.560 -       Possible port scan dropped -       xxx.xxx.xx.xx(ssl vpn address), 443, WAN -       zzz.zzz.z.zz(remote office IP address), 31691, WAN -       TCP scanned port list, 31685, 31687, 31693, 31695, 31689

Any help would be appreciated.

Thanks!
0
Comment
Question by:adrian1976
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:batry_boy
batry_boy earned 100 total points
ID: 20285957
When you say it's coming from the address of your SSL VPN, is it the assigned IP address of a client being used to access the SSL VPN?  Please clarify...
0
 
LVL 2

Accepted Solution

by:
tryokane earned 400 total points
ID: 20286226
Does any of ur programs run through that port?
0
 

Author Comment

by:adrian1976
ID: 20286278
Thank you for your answers!

When I'm saying the SSL VPN IP address, I'm talking about the public IP address of the device. The device is on the DMZ of the main firewall and is used by remote users to access a terminal server.

For tryokane:

Which port, 443 or 31691?
443 is the port for the secured VPN. 31691 is not in use. The scanning is not only on this port. Every time is a different port.

Thanks!
0
 
LVL 2

Expert Comment

by:tryokane
ID: 20343053
it's hard to tell since we all don't really have control over the client computers and might be a possibility that certain background programs are doing a port scan on the firewall.
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question