Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 484
  • Last Modified:

Sonicwall Possible port scan dropped

For the past two days I've seen a lot of "Possible port scan dropped" on my logs.
UTC 08/18/2016 20:54:11.720 Possible port scan dropped 52.216.64.59, 443,  TCP scanned port list, 27516, 27517, 27518, 27519, 27520  
UTC 08/18/2016 20:43:21.928 Possible port scan dropped 52.84.125.119, 80,  TCP scanned port list, 24453, 24454, 24452, 24456, 24457  
UTC 08/18/2016 20:42:17.896 Possible port scan dropped 216.115.104.240,  TCP scanned port list, 24375, 24370, 24371, 24372, 24373

Some are from Amazon and others are from Akami.

I'm checking all PC's to see if anyone installed Amazon cloud services and so far found nothing. Should I be concerned?
0
IT_Fanatic
Asked:
IT_Fanatic
  • 3
1 Solution
 
David AtkinIT ProfessionalCommented:
It could just be a bot scanning your ISP's subnet for IP's with open ports.  We find that our clients get scanned a fair bit.  Personally, I don't pay much attention to it.  Out passwords etc are changed frequently and the only ports open are HTTPS for Exchange.

Your Sonicwall is doing the right thing by dropping them :)
0
 
J SpoorTMECommented:
Possible portscans could mean two things,
1) you are really being port scanned
2) you have a host that's communicating with a server but replies are taking too long, so the hsot will send multiple retries, the then late replies are a bunch of packets on random destination ports and will trigger portscan detection as well.

I would say it is the latter. but the problem is on the other end.

nothing really to be concerned about though



View  example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 
IT_FanaticAuthor Commented:
A lot of the IPs I see are coming from Amazon cloud front. I'm not aware of anyone using any Amazon software and the only devices plugged into my network are the PC's.

No one plugs in anything without authorization and also I disable open ports on the patch panel so even if they plug in its a dead port. How can I find if a user is using an Amazon service on their PC?
0
 
IT_FanaticAuthor Commented:
Ok so I installed TCPView and found that these IPs are coming from dropbox. Did dropbox switch hosting and is now using Amazon?
0
 
IT_FanaticAuthor Commented:
Thank you. I located that the port scans were from dropbox.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now