UTM Behavior During a Port Scan

My UTM has been undergoing a port scan for several hours. The scan has the FIN and ACK flags set. From what I can see, the UTM is reporting that the packets are dropped by default. However, in a Wireshark trace, I see the UTM sending RST flag packets to the source IP address. I thought the UTM was supposed to drop the packets by default. Setting a rule to drop that IP address has no effect, as the UTM still replies to the scanning IP address with an RST packet.

Is this a normal response from a firewall to this type of scan?


