Jump to content

Detected Port Scanning Attack - Sonicwall


Judg3man
 Share

Recommended Posts

Hey guys, I've been having this issue pretty regularly and I'm not sure what to try next

We replaced our Sonicwall out at the Fire Dept and everything came up and working fine. Started to get a port scanning attack detected error from our WAN IP on every PC out there. I've added that IP to the IDS exception list. I check the logs on the individual PCs and the ports that are being detected seem to be random(the latest was from 39024). Any help would be appreciated. Thanks 

Link to comment
Share on other sites

  • Administrators

Please post a screen shot of the IDS exclusion that you have created as well as a screen shot of the firewall log with details about the detection.

Link to comment
Share on other sites

I would run an external scan against the SonicWall to ensure port 22 shows as stealth or closed. Your can use GRC's Shields Up web site to do that: https://www.grc.com/x/ne.dll?rh1dkyd2

If it shows that port 22 is stealth or closed, then the port 22 traffic is originating from the SonicWall itself.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...