Re: port scans



Rick <rick0.merrill@xxxxxxxxxxxxxxxxxx> writes:

Depending on how you are providing that ftp server out to the internet

What do you mean by "how you provide"?

i.e. Is your server plopped into your DMZ by way of sonicwall
configuration, or are specific ports forwarded from the external IP to
a single or subset of ports on the internal IP of the ftp server?

How you are providing ftp service will affect how port scans will
display to you.

(or any other services) will determine how much port scanning you will
see. And naturally, your ability to see the port scan requires some
sort of software being able to identify a port scan as such.

Ok, I'm not seeing "port scans" as much as I am seeing attempted
access

Poor choice of subject for the thread then? :-)

- which the Sonicwall stops quite nicely, thank you.

Well, then I guess there's no problem then, you're welcome. :-)


More constructively, though the upshod here is that access attempts
and port scans should be quite expected on any internet facing IP
address.

What's not clear to me, though, is whether that explains what you're
seeing in your logs adequately. Your question never mentioned whether
the FTP server was the only externally facing service you were
providing, for instance.




.



Relevant Pages

  • RE: FTP and ISA setup
    ... Please follow the instruction described on the following KB to enable external clients to access your FTP server. ... Local port: Fixed port ... Change the EnablePortAttack value to 1. ...
    (microsoft.public.windows.server.sbs)
  • RE: Some technical errors
    ... If the SMTP server is not running on port 25 TCP it is not a public ... Manager - Computer Assurance Services BDO Chartered Accountants & ...
    (Security-Basics)
  • Re: Managing "capabilities" for security
    ... default tickets are held by the kernel and can be chosen by the parent ... The default ticket for any particular call is assumed unless the ... than to check that the server address on the ticket is good. ... the kernel had to invoke the RPC if the service port IN YOUR ...
    (comp.arch.embedded)
  • RE: FTP Proxy
    ... You're right about the server specifying the port -- I ... to get to a single specific outside FTP server. ... And allowing PASV mode means you can't do that with a simple packet ...
    (Security-Basics)
  • Re: SRV RRs support in Internet Explorer?
    ... The port number could be implicit (i.e. ... At any point in time, a server could fail ... can't effectively LB or backup because NSs cache the records for the TTL ... I still don't see how SRV records would help backup or LB. ...
    (microsoft.public.win2000.dns)