Solved

Sonicwall Possible port scan dropped

Posted on 2016-08-18
Last Modified: 2016-10-24
For the past two days I've seen a lot of "Possible port scan dropped" in my logs.
UTC 08/18/2016 20:54:11.720 Possible port scan dropped 52.216.64.59, 443,  TCP scanned port list, 27516, 27517, 27518, 27519, 27520  
UTC 08/18/2016 20:43:21.928 Possible port scan dropped 52.84.125.119, 80,  TCP scanned port list, 24453, 24454, 24452, 24456, 24457  
UTC 08/18/2016 20:42:17.896 Possible port scan dropped 216.115.104.240,  TCP scanned port list, 24375, 24370, 24371, 24372, 24373

Some are from Amazon and others are from Akamai.

I'm checking all PCs to see if anyone installed Amazon cloud services and so far found nothing. Should I be concerned?
Question by:IT_Fanatic
5 Comments
 
Expert Comment

by:David Atkin
ID: 41761619
It could just be a bot scanning your ISP's subnet for IPs with open ports.  We find that our clients get scanned a fair bit.  Personally, I don't pay much attention to it.  Our passwords etc. are changed frequently and the only ports open are HTTPS for Exchange.

Your Sonicwall is doing the right thing by dropping them :)
 
Accepted Solution

by:
J Spoor earned 500 total points
ID: 41762015
Possible port scans could mean two things:
1) You are really being port scanned.
2) You have a host that's communicating with a server but replies are taking too long, so the host will send multiple retries. The then-late replies are a bunch of packets on random destination ports and will trigger port scan detection as well.

I would say it is the latter, but the problem is on the other end.

Nothing really to be concerned about, though.



View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
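
The second case in the accepted answer can be checked against the alert lines themselves. This added example (not from the thread or from SonicWall) parses the lines quoted in the question and flags alerts whose remote source port is a web service port and whose listed ports form a tight, high-numbered cluster, which is what late replies to a LAN client look like; reading the number after the IP as the remote source port, and the thresholds used, are assumptions.

```python
import re

# Constructed sample: the three alert lines quoted in the question above.
SAMPLE_LOG = """\
UTC 08/18/2016 20:54:11.720 Possible port scan dropped 52.216.64.59, 443,  TCP scanned port list, 27516, 27517, 27518, 27519, 27520
UTC 08/18/2016 20:43:21.928 Possible port scan dropped 52.84.125.119, 80,  TCP scanned port list, 24453, 24454, 24452, 24456, 24457
UTC 08/18/2016 20:42:17.896 Possible port scan dropped 216.115.104.240,  TCP scanned port list, 24375, 24370, 24371, 24372, 24373
"""

# Assumption: the number after the IP is the remote host's source port.
LINE_RE = re.compile(
    r"Possible port scan dropped\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}),"
    r"(?:\s*(?P<sport>\d+),)?\s*(?P<proto>TCP|UDP) scanned port list,"
    r"\s*(?P<ports>\d+(?:\s*,\s*\d+)*)"
)
SERVICE_PORTS = {80, 443}   # assumption: services the LAN clients normally talk to
EPHEMERAL_MIN = 1024        # assumption: client-side ports sit above this
MAX_SPREAD = 64             # assumption: retries reuse a small run of client ports


def parse(line):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = LINE_RE.search(line)
    if not m:
        return None
    sport = int(m["sport"]) if m["sport"] else None  # field is absent on some lines
    ports = sorted(int(p) for p in m["ports"].split(","))
    return {"ip": m["ip"], "sport": sport, "proto": m["proto"], "ports": ports}


def classify(alert):
    """Label an alert 'likely-late-replies', 'review', or 'unknown-source-port'."""
    ports = alert["ports"]
    clustered = min(ports) >= EPHEMERAL_MIN and ports[-1] - ports[0] <= MAX_SPREAD
    if alert["sport"] is None:
        return "unknown-source-port"
    if alert["sport"] in SERVICE_PORTS and clustered:
        return "likely-late-replies"
    return "review"


def triage(log_text):
    alerts = (parse(l) for l in log_text.splitlines())
    return [(a["ip"], classify(a)) for a in alerts if a]


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG):
        print(f"{ip:16} {verdict}")
```

Alerts labelled `review` or `unknown-source-port` are the ones to correlate with connection logs or a per-process view of the client's sockets.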
 

Author Comment

by:IT_Fanatic
ID: 41762741
A lot of the IPs I see are coming from Amazon CloudFront. I'm not aware of anyone using any Amazon software and the only devices plugged into my network are the PCs.

No one plugs in anything without authorization, and I also disable open ports on the patch panel, so even if they plug in it's a dead port. How can I find out if a user is using an Amazon service on their PC?
 

Author Comment

by:IT_Fanatic
ID: 41762815
OK, so I installed TCPView and found that these IPs are coming from Dropbox. Did Dropbox switch hosting and is now using Amazon?
 

Author Closing Comment

by:IT_Fanatic
ID: 41857015
Thank you. I located that the port scans were from Dropbox.

Question has a verified solution.