Juniper SSG blacklisting IP addresses
Posted on 2009-07-09
Someone from the other side of the world has been port scanning my computer with a source port 6000 and end port 8090.
I don't quite understand what they are doing and why and how it affects me, but I've had some recommendations that I should ban/blacklist their IP address. On my side, I'm not too sure that we're even using port 8090, but this person has port scanned me 3 times in 1 day.
The problem is that my network guy says the SSG cannot blacklist an IP/domain. There is no way to do this on the interface and that I shouldn't be worried about it anyway because the fact that I'm receiving the alarm messages via email means that the firewall is doing its job and not letting the intruder have any access to our network.
I don't think I am being singled out by this person (simply because I can't think of any reason that someone from that side of the world would want to cause intentional harm to my network. So it's probably some kind of automated engine which happened to land on my side). Nevertheless, I'm not too comfortable with my network guy's recommendation to simply ignore it.
The question is:
1. Is there any way that I can ban this IP/domain from our network? How do I do that in SSG?
Thanks in advance