Solved

Port scanning

Posted on 2007-11-14
4
262 Views
Last Modified: 2013-12-04
Lately Im getting tons of Possible port scan dropped messages from one of my remote firewalls.

It looks like somebody is scanning my firewall port by port. What is really strange is that one of the addresses where the scanning is coming from is the address of my SSL VPN???!!!

People in that office use this  SSL VPN once in a while to connect to a Terminal Server in the main office.

Here is an example of a message:

11/14/2007 04:00:29.560 -       Possible port scan dropped -       xxx.xxx.xx.xx(ssl vpn address), 443, WAN -       zzz.zzz.z.zz(remote office IP address), 31691, WAN -       TCP scanned port list, 31685, 31687, 31693, 31695, 31689

Any help would be appreciated.

Thanks!
0
Comment
Question by:adrian1976
  • 2
4 Comments
 
LVL 28

Assisted Solution

by:batry_boy
batry_boy earned 100 total points
ID: 20285957
When you say it's coming from the address of your SSL VPN, is it the assigned IP address of a client being used to access the SSL VPN?  Please clarify...
0
 
LVL 2

Accepted Solution

by:
tryokane earned 400 total points
ID: 20286226
Does any of ur programs run through that port?
0
 

Author Comment

by:adrian1976
ID: 20286278
Thank you for your answers!

When I'm saying the SSL VPN IP address, I'm talking about the public IP address of the device. The device is on the DMZ of the main firewall and is used by remote users to access a terminal server.

For tryokane:

Which port, 443 or 31691?
443 is the port for the secured VPN. 31691 is not in use. The scanning is not only on this port. Every time is a different port.

Thanks!
0
 
LVL 2

Expert Comment

by:tryokane
ID: 20343053
it's hard to tell since we all don't really have control over the client computers and might be a possibility that certain background programs are doing a port scan on the firewall.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now