Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Unauthorized Port Scan, Juniper SSG

Posted on 2009-07-07
3
Medium Priority
?
509 Views
Last Modified: 2012-06-27
I am getting an alarm email from our firewall. It is from 125.68.57.xxx. I'm not familiar with this IP and dont know how to find out who it is.

My question is:
1. Should I be worried?
2. What is a port scan and how can it effect me?
3. WHat should I do?
4. Can I find out what it did to my network?

Thank You
0
Comment
Question by:SW111
  • 2
3 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 24801107
You can easily find out which place this ip is originated from (www.maxmind.com).

For example, http://www.maxmind.com/app/locate_ip?ips=125.68.57.1, this link would give you where the ip 125.68.57.1 is coming from and other info like that.

1. Yes you should be worried.

2. Port Scan essentially finds out what all services you host inside your network (in other words how a connection can be made to your internal network through the firewall).

3. Put a policy in SSG blocking all the traffic coming from this IP.

4. If you have traffic logs enabled on the firewall, you can browse through and see what all happened wrt. this ip address.

Cheers,
Rajesh
0
 

Author Closing Comment

by:SW111
ID: 31600962
Ok. Thanks. perhaps another info I should have included is that it is scanning this port:
125.68.57.213:6000 to our port xxx.xx.xx.xxx:8090 proto TCP
I dont think we even use this port, although there are a bunch of policies using TCH0-65535 as source. Is this the problem?

Also, I can find only 1 login SSG that describes this event. So there isnt much new info there.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24803719
See this;

https://isc.sans.org/port.html?port=8090

Cheers,
Rajesh
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question