Unauthorized Port Scan, Juniper SSG

Posted on 2009-07-07
Last Modified: 2012-06-27
I am getting an alarm email from our firewall. It is from 125.68.57.xxx. I'm not familiar with this IP and don't know how to find out who it is.

My question is:
1. Should I be worried?
2. What is a port scan and how can it affect me?
3. What should I do?
4. Can I find out what it did to my network?

Thank You
Question by:SW111
Accepted Solution

by: rsivanandan (earned 2000 total points)
ID: 24801107
You can easily find out where this IP originates from (www.maxmind.com).

For example, http://www.maxmind.com/app/locate_ip?ips=125.68.57.1, this link would show you where the IP 125.68.57.1 is coming from and other info like that.

1. Yes you should be worried.

2. A port scan essentially finds out which services you host inside your network (in other words, how a connection can be made to your internal network through the firewall).

3. Put a policy in SSG blocking all the traffic coming from this IP.

4. If you have traffic logs enabled on the firewall, you can browse through them and see everything that happened with respect to this IP address.

Cheers,
Rajesh
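
One way to do the log review suggested in point 4 of the answer above, as an added example that is not part of the original thread: it summarizes what a single source IP attempted and, most importantly, which attempts the firewall permitted. The key=value log layout, field names and sample lines are constructed assumptions; adapt the parsing to the format your firewall actually exports.

```python
import re
from collections import Counter

# Constructed sample lines (assumed key=value layout, not a verbatim SSG export).
SAMPLE_LOG = """\
2009-07-07 02:14:01 src=125.68.57.213 dst=192.0.2.10 src_port=6000 dst_port=8090 proto=6 action=Deny
2009-07-07 02:14:01 src=125.68.57.213 dst=192.0.2.10 src_port=6000 dst_port=8080 proto=6 action=Deny
2009-07-07 02:14:02 src=125.68.57.213 dst=192.0.2.10 src_port=6000 dst_port=3128 proto=6 action=Deny
2009-07-07 02:14:02 src=125.68.57.213 dst=192.0.2.11 src_port=6000 dst_port=80 proto=6 action=Permit
2009-07-07 02:15:40 src=198.51.100.7 dst=192.0.2.11 src_port=51344 dst_port=80 proto=6 action=Permit
this line is malformed and must be skipped
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def summarize_source(log_text, source_ip):
    """Summarize every logged connection attempt made by source_ip."""
    port_hits = Counter()   # destination port -> number of attempts
    targets = set()         # internal addresses the source touched
    permitted = []          # (dst, port) pairs the firewall let through
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("src") != source_ip:
            continue
        try:
            port = int(fields["dst_port"])
            dst = fields["dst"]
        except (KeyError, ValueError):
            continue  # incomplete or corrupt record
        port_hits[port] += 1
        targets.add(dst)
        if fields.get("action", "").lower() == "permit":
            permitted.append((dst, port))
    return {
        "attempts": sum(port_hits.values()),
        "ports": sorted(port_hits),
        "targets": sorted(targets),
        "permitted": permitted,
    }


if __name__ == "__main__":
    report = summarize_source(SAMPLE_LOG, "125.68.57.213")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Denied entries show only what was probed; anything listed under `permitted` reached an internal host and is where follow-up on that host's own logs should start.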
Author Closing Comment

by:SW111
ID: 31600962
Ok. Thanks. Perhaps another piece of info I should have included is that it is scanning this port:
125.68.57.213:6000 to our port xxx.xx.xx.xxx:8090 proto TCP
I don't think we even use this port, although there are a bunch of policies using TCH0-65535 as source. Is this the problem?

Also, I can find only 1 log in SSG that describes this event. So there isn't much new info there.
Expert Comment

by:rsivanandan
ID: 24803719
See this:

https://isc.sans.org/port.html?port=8090

Cheers,
Rajesh