Posted on 2007-11-14
Lately Im getting tons of Possible port scan dropped messages from one of my remote firewalls.
It looks like somebody is scanning my firewall port by port. What is really strange is that one of the addresses where the scanning is coming from is the address of my SSL VPN???!!!
People in that office use this SSL VPN once in a while to connect to a Terminal Server in the main office.
Here is an example of a message:
11/14/2007 04:00:29.560 - Possible port scan dropped - xxx.xxx.xx.xx(ssl vpn address), 443, WAN - zzz.zzz.z.zz(remote office IP address), 31691, WAN - TCP scanned port list, 31685, 31687, 31693, 31695, 31689
Any help would be appreciated.