• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2884
  • Last Modified:

Sonciwall TZ100 Probalbe portscan: what to do?

Hi,

I'm overflooded with portscan messages on my Sonicwall TZ100 sn=0017C5A0F194 time=\\\"2014-07-28 13:24:01\\\" fw=82.93.44.x pri=1 c=32 m=83 msg=\\\"Probable port scan detected\\\" sess=None n=43 src=64.15.124.211:80:X1:cache.google.com dst=81.83.190.35:4938:X1 note=\\\"TCP scanned port list, 11261, 3059, 42527, 36803, 41109, 57745, 13935, 5063, 34779, 4938\\\"

Pls advise what to do.
J.
0
janhoedt
Asked:
janhoedt
1 Solution
 
nappy_dCommented:
Have you purchased any of the add-on subscriptions? Especially the IPS(Intrusion Prevention Service)

http://help.mysonicwall.com/sw/eng/305/ui2/23100/Security_Services/Intrusion_Prevention.htm
0
 
btanExec ConsultantCommented:
looks like the source (64.15.124.211) is registered under youtube (and PTR @ cache.google.com), Sonicwall devices have a default action of dropping 'port scans' when detected. these are all high ports that should be denied by default.

However most of port scan are not attacks and are simple probes to determine services available on a remote machine. At times this log message "Possible port scan detected" appears in the case of false positives, which may occur if an application or user is legitimately connecting to several ports. This is just Detection, there would not be any drop for possible port scan detected, however Sonicwall will drop intensive Port Scan traffic.

If this is legit or expected then you can consider "disabling message "Possible port scan detected" in Logs" https://support.software.dell.com/sonicwall-e-class-nsa-series/kb/sw11594
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now