Re: [FW1] MAD entry in FW log?
It means FW has detected someone trying to port scan your firewall. The origin of 127.0.0.1 is a bit confusing - this indicates that FW *thinks* that someone logged on locally issued a port scan. The action of 'Accept' is also weird. Check in CPMAD.CONF that blocked connection port scanning is set to ON, as it should be rejecting these attempts.

----- Original Message -----
From: Scott Murray <[email protected]>
To: <[email protected]>
Sent: 13 April 2001 15:01
Subject: [FW1] MAD entry in FW log?

> This morning I saw something I have never seen in my Firewall log:
>
> Origin = 127.0.0.1
> Type = Alert
> Service = [Blank]
> Action = Accept
> Rule = [Blank]
> Protocol = IP
> Product = MAD
> INFO = attack=blocked_connection_port_scanning
>
> What does all this mean? Has anyone seen this before? Any help would be
> great! Thanks in advance!
>
> Scott

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================