
95 Port Scanning blocks from 1 malicious IP. Do I need to do anything?



Good morning everyone,

 

I have observed the Troubleshooting Log shows an entry this morning (during the past hour) where ESS blocked 95 UDP inbound port scanning attempts all at once from IP address: 209.126.110.5. After the first block, ESS put the IP address in the temporary blacklist area. [screenshot attached below].

 

post-10531-0-17973000-1458737589_thumb.png

Checking the IP at Hosts-file.net shows it to be flagged red (malicious).  The IP is apparently located in St. Louis, Missouri (USA).  IPvoid, VirusTotal, and Senderbase did not flag the IP address, however.

 

My question: Is there any action I need to take, such as adding that IP address to the IDS Exceptions list to ensure any future inbound UDP port scanning attempts are blocked, logged, and I am notified?

 

Thank you for your time and any enlightenment!

 

Pete

Edited by spc3rd

Hi Tom,

 

Thanks very much for the info link! If I'm understanding it correctly, then ESS will automatically continue to block any future such major port scanning attempts and I don't need to take any additional action. Sounds like a 'winner' to me!

 

Cheers! :)

 

Pete
