Port scans

We just installed a new ATM and we're seeing random series of port scans. Every now and then, maybe once a day, we'll get 50-100 emails from the UTM informing us of a port scan, all from the same IP. Sometimes the IP belongs to our ISP's DNS server, but often it's just a random IP.

Is this anything to worry about, or is it just a routine failed attack? If it's OK, is there a way to cut down to one email per event instead of dozens?

Thanks,

Steve



This thread was automatically locked due to age.
  • Sure... in the Management -> Notifications section, enable the "Limit notifications" checkbox.

    Explanation from the built-in help:
    Some security-relevant events such as detected intrusion attempts will create a lot of notifications, which may quickly clog the notification recipients' email inboxes. For this reason, Sophos UTM has sensible default values to limit the number of notifications sent per hour. If you disable this option, every security-relevant event will create a notification, provided the event is configured so as to send a notification on the Management > Notifications > Notifications tab.