Solved

Unauthorized Port Scan, Juniper SSG

Posted on 2009-07-07
3
505 Views
Last Modified: 2012-06-27
I am getting an alarm email from our firewall. It is from 125.68.57.xxx. I'm not familiar with this IP and dont know how to find out who it is.

My question is:
1. Should I be worried?
2. What is a port scan and how can it effect me?
3. WHat should I do?
4. Can I find out what it did to my network?

Thank You
0
Comment
Question by:SW111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 24801107
You can easily find out which place this ip is originated from (www.maxmind.com).

For example, http://www.maxmind.com/app/locate_ip?ips=125.68.57.1, this link would give you where the ip 125.68.57.1 is coming from and other info like that.

1. Yes you should be worried.

2. Port Scan essentially finds out what all services you host inside your network (in other words how a connection can be made to your internal network through the firewall).

3. Put a policy in SSG blocking all the traffic coming from this IP.

4. If you have traffic logs enabled on the firewall, you can browse through and see what all happened wrt. this ip address.

Cheers,
Rajesh
0
 

Author Closing Comment

by:SW111
ID: 31600962
Ok. Thanks. perhaps another info I should have included is that it is scanning this port:
125.68.57.213:6000 to our port xxx.xx.xx.xxx:8090 proto TCP
I dont think we even use this port, although there are a bunch of policies using TCH0-65535 as source. Is this the problem?

Also, I can find only 1 login SSG that describes this event. So there isnt much new info there.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24803719
See this;

https://isc.sans.org/port.html?port=8090

Cheers,
Rajesh
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fraud Email 22 127
New CLI Commands Needed for Cisco ASA 5506 5 64
Virus detection 6 47
sample of wannacry 3 262
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question