Sign in to follow this  
Judg3man

Detected Port Scanning Attack - Sonicwall

Recommended Posts

Hey guys, I've been having this issue pretty regularly and I'm not sure what to try next

We replaced our Sonicwall out at the Fire Dept and everything came up and working fine. Started to get a port scanning attack detected error from our WAN IP on every PC out there. I've added that IP to the IDS exception list. I check the logs on the individual PCs and the ports that are being detected seem to be random(the latest was from 39024). Any help would be appreciated. Thanks 

Share this post


Link to post
Share on other sites

Please post a screen shot of the IDS exclusion that you have created as well as a screen shot of the firewall log with details about the detection.

Share this post


Link to post
Share on other sites

Thank you for the suggestion. SSH hasn't been enabled on the LAN or WAN interfaces. Sorry for the late reply.

Share this post


Link to post
Share on other sites

I would run an external scan against the SonicWall to ensure port 22 shows as stealth or closed. Your can use GRC's Shields Up web site to do that: https://www.grc.com/x/ne.dll?rh1dkyd2

If it shows that port 22 is stealth or closed, then the port 22 traffic is originating from the SonicWall itself.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.