Solved

Sonicwall Possible port scan dropped

Posted on 2016-08-18
5
51 Views
Last Modified: 2016-10-24
For the past two days I've seen a lot of "Possible port scan dropped" on my logs.
UTC 08/18/2016 20:54:11.720 Possible port scan dropped 52.216.64.59, 443,  TCP scanned port list, 27516, 27517, 27518, 27519, 27520  
UTC 08/18/2016 20:43:21.928 Possible port scan dropped 52.84.125.119, 80,  TCP scanned port list, 24453, 24454, 24452, 24456, 24457  
UTC 08/18/2016 20:42:17.896 Possible port scan dropped 216.115.104.240,  TCP scanned port list, 24375, 24370, 24371, 24372, 24373

Some are from Amazon and others are from Akami.

I'm checking all PC's to see if anyone installed Amazon cloud services and so far found nothing. Should I be concerned?
0
Comment
Question by:IT_Fanatic
  • 3
5 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 41761619
It could just be a bot scanning your ISP's subnet for IP's with open ports.  We find that our clients get scanned a fair bit.  Personally, I don't pay much attention to it.  Out passwords etc are changed frequently and the only ports open are HTTPS for Exchange.

Your Sonicwall is doing the right thing by dropping them :)
0
 
LVL 7

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41762015
Possible portscans could mean two things,
1) you are really being port scanned
2) you have a host that's communicating with a server but replies are taking too long, so the hsot will send multiple retries, the then late replies are a bunch of packets on random destination ports and will trigger portscan detection as well.

I would say it is the latter. but the problem is on the other end.

nothing really to be concerned about though



View  example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 

Author Comment

by:IT_Fanatic
ID: 41762741
A lot of the IPs I see are coming from Amazon cloud front. I'm not aware of anyone using any Amazon software and the only devices plugged into my network are the PC's.

No one plugs in anything without authorization and also I disable open ports on the patch panel so even if they plug in its a dead port. How can I find if a user is using an Amazon service on their PC?
0
 

Author Comment

by:IT_Fanatic
ID: 41762815
Ok so I installed TCPView and found that these IPs are coming from dropbox. Did dropbox switch hosting and is now using Amazon?
0
 

Author Closing Comment

by:IT_Fanatic
ID: 41857015
Thank you. I located that the port scans were from dropbox.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonicwall Wireless Subinterface not working 2 65
Palo Alto Firewall Startup Page 3 44
Help enabling http access for Cisco ASA - (ET) 20 73
Firewall port opening 2 67
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question