Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 4635 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to determine source of internal port scans

jmadren
Our main Windows 2003 server has always generated a occasional port scans against the firewall.  That's fine - I don't want to exclude it in case some kind of malware infects the server.

The problem is we started getting lots of port scan warnings with this server being the source.  So something has started running on that server that is port scanning the firewall.  But I don't know how to determine what is doing it.  I don't see anything out of the ordinary running on the server, and we haven't made any changes or installed anything new on the server.

So the question is, how do we track down what is performing these port scans?

Thanks.


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to eganders_01
    Thanks guys.

    I've been using netstat to try to capture what could be performing the port scan against the firewall, when it's happening.  So far, I haven't found any correlation.  Is it possible that something else on our network is spoofing the ip address of this server?  If so, how would you find it?
Children