Solved

Sonciwall TZ100 Probalbe portscan: what to do?

Posted on 2014-07-28
2
2,403 Views
Last Modified: 2014-07-30
Hi,

I'm overflooded with portscan messages on my Sonicwall TZ100 sn=0017C5A0F194 time=\\\"2014-07-28 13:24:01\\\" fw=82.93.44.x pri=1 c=32 m=83 msg=\\\"Probable port scan detected\\\" sess=None n=43 src=64.15.124.211:80:X1:cache.google.com dst=81.83.190.35:4938:X1 note=\\\"TCP scanned port list, 11261, 3059, 42527, 36803, 41109, 57745, 13935, 5063, 34779, 4938\\\"

Pls advise what to do.
J.
0
Comment
Question by:janhoedt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 40225815
Have you purchased any of the add-on subscriptions? Especially the IPS(Intrusion Prevention Service)

http://help.mysonicwall.com/sw/eng/305/ui2/23100/Security_Services/Intrusion_Prevention.htm
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40225837
looks like the source (64.15.124.211) is registered under youtube (and PTR @ cache.google.com), Sonicwall devices have a default action of dropping 'port scans' when detected. these are all high ports that should be denied by default.

However most of port scan are not attacks and are simple probes to determine services available on a remote machine. At times this log message "Possible port scan detected" appears in the case of false positives, which may occur if an application or user is legitimately connecting to several ports. This is just Detection, there would not be any drop for possible port scan detected, however Sonicwall will drop intensive Port Scan traffic.

If this is legit or expected then you can consider "disabling message "Possible port scan detected" in Logs" https://support.software.dell.com/sonicwall-e-class-nsa-series/kb/sw11594
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jump server vs push server 6 185
Sonicwall Firewall -- automatic nightly 2am speed tests ? 1 93
Palo Alto Networks: Truly No Hit Count? 2 111
Upgrading from Sonicwall Tz210 6 37
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question