Jump to content

Archived

This topic is now archived and is closed to further replies.

Judg3man

Detected Port Scanning Attack - Sonicwall

Recommended Posts

Hey guys, I've been having this issue pretty regularly and I'm not sure what to try next

We replaced our Sonicwall out at the Fire Dept and everything came up and working fine. Started to get a port scanning attack detected error from our WAN IP on every PC out there. I've added that IP to the IDS exception list. I check the logs on the individual PCs and the ports that are being detected seem to be random(the latest was from 39024). Any help would be appreciated. Thanks 

Share this post


Link to post
Share on other sites

Please post a screen shot of the IDS exclusion that you have created as well as a screen shot of the firewall log with details about the detection.

Share this post


Link to post
Share on other sites

Thank you for the suggestion. SSH hasn't been enabled on the LAN or WAN interfaces. Sorry for the late reply.

Share this post


Link to post
Share on other sites

I would run an external scan against the SonicWall to ensure port 22 shows as stealth or closed. Your can use GRC's Shields Up web site to do that: https://www.grc.com/x/ne.dll?rh1dkyd2

If it shows that port 22 is stealth or closed, then the port 22 traffic is originating from the SonicWall itself.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×