Solved

Unauthorized Port Scan, Juniper SSG

Posted on 2009-07-07
3
506 Views
Last Modified: 2012-06-27
I am getting an alarm email from our firewall. It is from 125.68.57.xxx. I'm not familiar with this IP and dont know how to find out who it is.

My question is:
1. Should I be worried?
2. What is a port scan and how can it effect me?
3. WHat should I do?
4. Can I find out what it did to my network?

Thank You
0
Comment
Question by:SW111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 24801107
You can easily find out which place this ip is originated from (www.maxmind.com).

For example, http://www.maxmind.com/app/locate_ip?ips=125.68.57.1, this link would give you where the ip 125.68.57.1 is coming from and other info like that.

1. Yes you should be worried.

2. Port Scan essentially finds out what all services you host inside your network (in other words how a connection can be made to your internal network through the firewall).

3. Put a policy in SSG blocking all the traffic coming from this IP.

4. If you have traffic logs enabled on the firewall, you can browse through and see what all happened wrt. this ip address.

Cheers,
Rajesh
0
 

Author Closing Comment

by:SW111
ID: 31600962
Ok. Thanks. perhaps another info I should have included is that it is scanning this port:
125.68.57.213:6000 to our port xxx.xx.xx.xxx:8090 proto TCP
I dont think we even use this port, although there are a bunch of policies using TCH0-65535 as source. Is this the problem?

Also, I can find only 1 login SSG that describes this event. So there isnt much new info there.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24803719
See this;

https://isc.sans.org/port.html?port=8090

Cheers,
Rajesh
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question