Re: port scans
- From: Regis <ordsec@xxxxxxxxx>
- Date: Mon, 22 Feb 2010 10:13:52 -0600
Rick <rick0.merrill@xxxxxxxxxxxxxxxxxx> writes:
Depending on how you are providing that ftp server out to the internet
What do you mean by "how you provide"?
i.e. Is your server plopped into your DMZ by way of sonicwall
configuration, or are specific ports forwarded from the external IP to
a single or subset of ports on the internal IP of the ftp server?
How you are providing ftp service will affect how port scans will
display to you.
(or any other services) will determine how much port scanning you will
see. And naturally, your ability to see the port scan requires some
sort of software being able to identify a port scan as such.
Ok, I'm not seeing "port scans" as much as I am seeing attempted
Poor choice of subject for the thread then? :-)
- which the Sonicwall stops quite nicely, thank you.
Well, then I guess there's no problem then, you're welcome. :-)
More constructively, though the upshod here is that access attempts
and port scans should be quite expected on any internet facing IP
What's not clear to me, though, is whether that explains what you're
seeing in your logs adequately. Your question never mentioned whether
the FTP server was the only externally facing service you were
providing, for instance.
- Prev by Date: Re: port scans
- Next by Date: Re: port scans
- Previous by thread: Re: port scans
- Next by thread: Re: port scans