Network Protection: Firewall, NAT, QoS, & IPS Port Scan Logs

UTM Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 4 replies
Answers 1 answer
Subscribers 5 subscribers
Views 10277 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Scan Logs

OldSchool over 9 years ago

Where are the port scan logs saved at?

I have been getting huge amounts of scans, and I need logs to send to the abuse email addresses.

TIA

KCI

This thread was automatically locked due to age.

0 BAlfson over 9 years ago

Do you have 'Limit notifications' selected on the 'Global' tab of 'Management >> Notifications'?

I usually just forward the emailed notification to abuse address of the offender's ISP.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 JasonMiles over 8 years ago

I've recently been receiving portscan e-mail alerts from something called research.nmap.org? It'll result in ~140 unique e-mails. I have portscan protection enabled on my Sophos UTM 9.4 home box, but these are fairly frequent and annoying. Sophos UTM 9.4 is set to drop traffic so it appears I'm being protected against whatever this is.

Is there any such thing as a legitimate portscan? I can't find anything about this research.nmap.org.

Is it possible to continue to block these attempts while not alerting via e-mail about this specific IP?

A portscan was detected. Details about the event:

Time.............: 2016-08-13 05:21:46

Source IP address: 71.6.152.72 (research.nmap.org)
Cancel
Vote Up 0 Vote Down

Cancel
0 sachingurung over 8 years ago in reply to JasonMiles

Hi Jason,

Go to Management > Notifications > Port Scan; uncheck the Email box.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to JasonMiles

All of the things on the 'Intrusion Prevention' tabs are recorded in the Intrusion Prevention log.

Check out research.nmap.org - they do real-world tests of the respected nmap scanner. It will probably be several years before they scan you again, but they're nothing to worry about.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Share Feedback

×

Submitted a Tech Support Case lately from the Support Portal?