Aladdin eSafe Internet security Appliances - active scan
- From: Noah.Lance@xxxxxxxx
- Date: Thu, 12 Feb 2009 16:43:51 -0600
I discovered a device that was actively and aggressively scanning my
computer. I did an nmap OS ID and it came out as an Aladdin eSafe Appliance
(Linux 2.4 Linux 2.6). Looked at their site and it doesn't appear that
they have any active type appliances. They all seem to be passive filter
type appliances.
http://www.aladdin.com/esafe
As soon as I noticed this I opened up Wireshark and decided to watch any
packets with src or dst of the IP. In less than 400 seconds it scanned
11,376 ports consecutively on another computer and then began scanning the
next one.
It went from IP 255.255.255.98 to ...84 to ...37, so that seemed fairly
random, but I didn't bother to break it down either. Still with the same
aggressive scan pattern.
Curious if we can shed some light for me on a gateway/content filtering
appliance doing an active scan of the internal network, over an IPSec
tunnel (possibly three, but the other hops are out of my AOR).
Some of the packets did come up as malformed with a correct checksum, as
well as a few SYN/FIN packets out there.
Thanks for the time all.
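
One way to quantify the behaviour reported above (thousands of consecutive ports on one host within minutes, plus SYN/FIN packets) from exported capture records; this is an added example, not part of the original post. The tuple layout, the `window` and `port_threshold` values and the documentation-range addresses are assumptions, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict

SYN, FIN = 0x02, 0x01  # TCP flag bits

def analyze(packets, window=400.0, port_threshold=1000):
    """packets: (timestamp, src, dst, dst_port, tcp_flags) tuples.
    window and port_threshold are assumed tuning values, not from the post."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, flags in packets:
        by_pair[(src, dst)].append((ts, dport, flags))
    findings = {}
    for pair, pkts in by_pair.items():
        pkts.sort()
        # Sliding window: most distinct destination ports in any `window` seconds.
        in_win, best, lo = Counter(), 0, 0
        for ts, dport, _ in pkts:
            in_win[dport] += 1
            while ts - pkts[lo][0] > window:
                old = pkts[lo][1]
                in_win[old] -= 1
                if in_win[old] == 0:
                    del in_win[old]
                lo += 1
            best = max(best, len(in_win))
        # Longest run of consecutive port numbers (a sequential sweep).
        ports = sorted({p[1] for p in pkts})
        longest = run = 1
        for a, b in zip(ports, ports[1:]):
            run = run + 1 if b == a + 1 else 1
            longest = max(longest, run)
        # SYN and FIN set together never occurs in a normal TCP handshake.
        syn_fin = sum(1 for p in pkts if (p[2] & (SYN | FIN)) == (SYN | FIN))
        if best >= port_threshold or syn_fin:
            findings[pair] = {"max_ports_in_window": best,
                              "longest_consecutive_run": longest,
                              "syn_fin_packets": syn_fin}
    return findings

def sample_packets():
    """Constructed traffic: one sweep sized like the post's numbers, one normal client."""
    scanner, client, target = "192.0.2.10", "192.0.2.20", "198.51.100.98"
    pkts = [(i * 390.0 / 11376, scanner, target, i + 1, SYN) for i in range(11376)]
    pkts += [(391.0, scanner, target, 80, SYN | FIN), (392.0, scanner, target, 443, SYN | FIN)]
    pkts += [(float(t), client, target, 443, SYN) for t in range(0, 300, 30)]
    return pkts

if __name__ == "__main__":
    for pair, info in analyze(sample_packets()).items():
        print(pair, info)
```

Only the sweeping source is reported; the client that repeatedly connects to a single port stays below both checks.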