Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Exchange_ports_1 Infiltration?

To: [email protected]
Subject: [FW-1] Exchange_ports_1 Infiltration?
From: Robert Woods <[email protected]>
Date: Fri, 12 Oct 2001 14:27:19 -0400
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello Everyone,
  I am seeing many suspicious port scans from India, China, and Mexico.  All
are dropped at the external interface of our firewall (Checkpoint VPN-1/FW-1
v.4.1, SP2), except for a number of packets similar to below:

.. accept       Exchange_ports_1        202.122.224.234 XXX.XXX.XXX.XXX tcp     0

*Where XXX.XXX.XXX.XXX represents our range of external IP addresses, and 0
refers to the Implied Rules.  There is no Implied rule that allows an Any to
Any connection, or a specified rule involing the Exchange_ports_1 services.
Anyone ever have similar circumstances?  Any ideas?

Thanks,

Robert

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- Re: [FW-1] Time Synchronization
  - From: "Roelandts, Guy" <[email protected]>

Prev by Date: [FW-1]
Next by Date: Re: [FW-1] How to allow Exchange access
Previous by thread: Re: [FW-1] Time Synchronization
Next by thread: Re: [FW-1] Time Synchronization
Index(es):
- Date
- Thread