Solved

Unauthorized Port Scan, Juniper SSG

Posted on 2009-07-07
3
504 Views
Last Modified: 2012-06-27
I am getting an alarm email from our firewall. It is from 125.68.57.xxx. I'm not familiar with this IP and dont know how to find out who it is.

My question is:
1. Should I be worried?
2. What is a port scan and how can it effect me?
3. WHat should I do?
4. Can I find out what it did to my network?

Thank You
0
Comment
Question by:SW111
  • 2
3 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 24801107
You can easily find out which place this ip is originated from (www.maxmind.com).

For example, http://www.maxmind.com/app/locate_ip?ips=125.68.57.1, this link would give you where the ip 125.68.57.1 is coming from and other info like that.

1. Yes you should be worried.

2. Port Scan essentially finds out what all services you host inside your network (in other words how a connection can be made to your internal network through the firewall).

3. Put a policy in SSG blocking all the traffic coming from this IP.

4. If you have traffic logs enabled on the firewall, you can browse through and see what all happened wrt. this ip address.

Cheers,
Rajesh
0
 

Author Closing Comment

by:SW111
ID: 31600962
Ok. Thanks. perhaps another info I should have included is that it is scanning this port:
125.68.57.213:6000 to our port xxx.xx.xx.xxx:8090 proto TCP
I dont think we even use this port, although there are a bunch of policies using TCH0-65535 as source. Is this the problem?

Also, I can find only 1 login SSG that describes this event. So there isnt much new info there.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24803719
See this;

https://isc.sans.org/port.html?port=8090

Cheers,
Rajesh
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question