Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 924 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Persistent Scans

skydiver
So I have been getting port scanned now for over a week from the same IP address somewhere in China
Source IP address: 125.45.109.166 (hn.kd.ny.adsl)

I called our ISP (Timewarner) to see if they can block it higher up in the food chain but they won't.

Any suggestions other than ignore these alerts?  I setup a specific drop rule for this IP address in the packet filter but since we are an American Asian Cuisine Restaurant Chain I worry that this could be a targeted probe.


This thread was automatically locked due to age.
Parents
  • 0
    At least, you can prevent entry and stop logging the drops by creating a packet filter rule using the interface address object: '{125.45.109.166} -> Any -> External (Address) : Drop'.

    You should send a complaint with the relavant log lines to abuse@chinaunicom.cn & abuse@public.zz.ha.cn

    Cheers - Bob
Reply
  • 0
    At least, you can prevent entry and stop logging the drops by creating a packet filter rule using the interface address object: '{125.45.109.166} -> Any -> External (Address) : Drop'.

    You should send a complaint with the relavant log lines to abuse@chinaunicom.cn & abuse@public.zz.ha.cn

    Cheers - Bob
Children
No Data