Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 4320 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block private IP address

dcline97
My SG210 is getting repeated port scans from 10.242.4.1 (private address).  How do I block any/all access FROM this address?

I've read many similar posts, but each with a bit of a different twist.

Thanks,

Dave


This thread was automatically locked due to age.
  • 0
    10.242.4.0/24 is default IPsec VPN Remote Access IP Pool. Do you have it enabled ?
  • 0
    Hmmmm.  I started comparing VPN logins to the date/time I see the portscans.  This seems to happen when a particular user logs in using ipsec vpn - it's one of the company owners.  Does this mean they may have some malware on their system?
  • 0
    That's possible, Dave, so it would be worth scanning that laptop.  If you don't have anti-virus on all client devices, you might ask your reseller for a quote on UTM Endpoint for your organization.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    We have Sophos endpoint protection on all workstations.  I've scanned and it did not pick up anything.  I'm getting ready to refresh that particular laptop so I will just expedite that process.
  • 0
    Maybe it is just Skype or some torrent client, struggling to establish connection to Internet on every possible port while connected via IPSEC VPN ?
Cookie Information Banner