Ever since upgrading to 4.017, I've noticed some odd behavior with regard to the portscan notification. On our network, for example, we have a DNS server on the inside, with all the rules set so it can communicate with the outside world on DNS. The Astaro firewall DNS proxy points to this internal server for its DNS proxy. Ever since the upgrade to 4.017, however, some DNS activity on this inside server is setting off the portscan alarms. Thoughts or ideas on this?
-Steve
2003-Dec 6 11:27:53 (none) kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.2 DST=202.160.241.130 LEN=184 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=30586 LEN=164
2003-Dec 6 12:17:42 (none) kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.2 DST=202.160.241.130 LEN=184 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=30586 LEN=164
2003-Dec 6 12:48:37 (none) kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.2 DST=212.162.1.194 LEN=184 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=54798 LEN=164
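
Added example (not part of the original post): a small Python triage script for the alert lines above. It parses the KEY=VALUE fields of each "Portscan detected" entry and separates UDP packets sent from port 53 by the DNS server from all other alerts. Treating 192.168.1.2 as the internal DNS server is an assumption drawn from the SRC field, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Assumption: 192.168.1.2 (the SRC in the posted log lines) is the internal DNS server.
DNS_SERVERS = {"192.168.1.2"}

# Log lines copied from the post above.
SAMPLE_LOG = """\
2003-Dec 6 11:27:53 (none) kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.2 DST=202.160.241.130 LEN=184 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=30586 LEN=164
2003-Dec 6 12:17:42 (none) kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.2 DST=202.160.241.130 LEN=184 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=30586 LEN=164
2003-Dec 6 12:48:37 (none) kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.2 DST=212.162.1.194 LEN=184 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=54798 LEN=164
"""

MARKER = "Portscan detected:"
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")  # bare flags such as DF are skipped


def parse_line(line):
    """Return the KEY=VALUE fields of one 'Portscan detected' line, or None."""
    if MARKER not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line.split(MARKER, 1)[1]):
        fields.setdefault(key, value)  # LEN appears twice: keep the first (IP length)
    return fields


def triage(log_text, dns_servers=DNS_SERVERS):
    """Split alerts into port-53 UDP traffic from the DNS server and everything else."""
    dns_flows = defaultdict(int)   # (SRC, DST, DPT) -> number of alerts
    other = []                     # alerts that still need a closer look
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f.get("PROTO") == "UDP" and f.get("SPT") == "53" and f.get("SRC") in dns_servers:
            dns_flows[(f["SRC"], f["DST"], f["DPT"])] += 1
        else:
            other.append(f)
    return dict(dns_flows), other


if __name__ == "__main__":
    flows, other = triage(SAMPLE_LOG)
    for (src, dst, dpt), count in sorted(flows.items()):
        print(f"{src}:53 -> {dst}:{dpt}  alerts={count}")
    print(f"alerts needing a closer look: {len(other)}")
```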