Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 10278 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Scan Logs

OldSchool

Where are the port scan logs saved at? 

I have been getting huge amounts of scans, and I need logs to send to the abuse email addresses. 

TIA

KCI



This thread was automatically locked due to age.
Parents
  • 0

    I've recently been receiving portscan e-mail alerts from something called research.nmap.org?  It'll result in ~140 unique e-mails.  I have portscan protection enabled on my Sophos UTM 9.4 home box, but these are fairly frequent and annoying.  Sophos UTM 9.4 is set to drop traffic so it appears I'm being protected against whatever this is.

    Is there any such thing as a legitimate portscan?  I can't find anything about this research.nmap.org.

    Is it possible to continue to block these attempts while not alerting via e-mail about this specific IP?

    A portscan was detected. Details about the event:

    Time.............: 2016-08-13 05:21:46

    Source IP address: 71.6.152.72 (research.nmap.org)

  • 0 in reply to JasonMiles

    All of the things on the 'Intrusion Prevention' tabs are recorded in the Intrusion Prevention log.

    Check out research.nmap.org - they do real-world tests of the respected nmap scanner.  It will probably be several years before they scan you again, but they're nothing to worry about.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to JasonMiles

    All of the things on the 'Intrusion Prevention' tabs are recorded in the Intrusion Prevention log.

    Check out research.nmap.org - they do real-world tests of the respected nmap scanner.  It will probably be several years before they scan you again, but they're nothing to worry about.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?