asl 3.050 and portscan detection

hi,

my asl box thinks of portscan-detected when a machine is asking for dns-port some times.
but it's not thinking of portscan, when some machine is asking all ip-aliases for ftp-port
for example.
isn't this portscanning also?
or is this network-scanning on just one port?

wondering ...

kind regards, Christian

Parents

0 Dennis Koslowski over 23 years ago

Hello,

there is no clear boundary between common network activity and port scanning. Because of it there will be "false alarms" sometimes. To be sure about it, network administrator have to interprete portscan logs.

Greetings,
--
Dennis

[ 07 May 2002: Message edited by: Dennis Koslowski ]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Dennis Koslowski over 23 years ago

Hello,

there is no clear boundary between common network activity and port scanning. Because of it there will be "false alarms" sometimes. To be sure about it, network administrator have to interprete portscan logs.

Greetings,
--
Dennis

[ 07 May 2002: Message edited by: Dennis Koslowski ]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Chris_W over 23 years ago in reply to Dennis Koslowski

well,
if someone is asking access on just one (or two) special ports on all ip-aliases directly following each other,
i think it is pretty clear ...
this source ip should (optionally) be banned for further access on all ports (maybe for special time).
so it would make sure, if someone does scanning, he will be banned for a day or so.
this way he might not reach an open port, which possibly is not totally secure.

maybe a feature for future?

kind regards, christian

(and of course i don't want to have false alarms to be banned ;-)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

asl 3.050 and portscan detection

Submitted a Tech Support Case lately from the Support Portal?