Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Port Scanning

To: "STL" <[email protected]>, <[email protected]>
Subject: RE: [FW1] Port Scanning
From: "Mike Yates" <[email protected]>
Date: Wed, 13 Jun 2001 08:38:29 -0400
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]

Fairly easy to tell you are being port scanned from the log viewer.  You
will see a series of blocked connections from the same IP address.  You will
see something like this:

Source: <External IP> Destignation <Your Firewall>

Then about 1020 dropped or rejected packets if you have created your policy
well.  The best thing to do is to disable ICMP requests, most port scanners
will "ping" the box to determine if its up / not protected.  If a reply
isn't returned usually the "hacker" will figure that this box is either non
existant or protected inwhich case it isn't worth their time.  There is the
no ping command for most port scanners but again what these people are
looking for is unprotected boxes with documented security flaws.

I suggest downloading Nmap and a free scanning device such as nessus and
scannign your system and seeing how it reacts.  It is the easest way to see
what happens when your scanned, and whether you are protected or not.

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of STL
Sent: June 13, 2001 12:07 AM
To: [email protected]
Subject: [FW1] Port Scanning



Hi all,

    Can fw-1 detect port scanning? How can we know
that
we are actually port scanned from the Log Viewer? How
to prevent port scanning?

Thanks & Regards



____________________________________________________________
Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Port Scanning
  - From: STL <[email protected]>

Prev by Date: [FW1] Removing old pkg in NOKIA
Next by Date: RE: [FW1] FTP Problems
Previous by thread: [FW1] Port Scanning
Next by thread: [FW1] upgrade 4.0 -> 4.1 Solaris 2.6 X86
Index(es):
- Date
- Thread