This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[WARN-856] Portscan detected - recommend steps

hi
please tell me recommend steps after portscan report belowA portscan was detected.
What should i be adding into rules to block that ip ?

Details about the event:

Time.............: 2010:05:03-00:24:08

Source IP address: 94.79.239.132
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database

--
System Uptime      : 1 days 8 hours 11 minutes
System Load        : 0.03
System Version     : Astaro Security Gateway Software 7.504

Please refer to the manual for detailed instructions.

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

The traffic already is being blocked. If you just want to eliminate such notifications, you can uncheck the box in 'Management >> Notifications'. If you don't want to stop notifications except for this IP, create a packet filter rule, 'Internet -> Any -> External (Address) : Drop'. Check 'Log' if you want to see a record in the packet filter log.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 15 years ago

The traffic already is being blocked. If you just want to eliminate such notifications, you can uncheck the box in 'Management >> Notifications'. If you don't want to stop notifications except for this IP, create a packet filter rule, 'Internet -> Any -> External (Address) : Drop'. Check 'Log' if you want to see a record in the packet filter log.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data