[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

port scans (OT?)

Debian Squeeze (?) very old anyway, Dell server, Juniper SSG5
firewall. 1,000 miles away.

I've started getting email from the firewall down there saying that it
detected a port scan. Often enough of them to concern me -- several
times a day.

-- One just came in. Another 4 hours ago. From different IPs, from
different (RIPE) countries. --

Is there any way to stop them? AFAIK, there isn't. I sure can't think of a way.

The 'JuniperUsers list' says to talk to my upstream ISP. But I don't
see how that would help if they can't do anything either (they also
use Juniper).

The firewall blocks them after it sees 10 hits from the same IP in
5000 microseconds. But by then Nmap (or eq) has hit 10 ports.

Am I overly paranoid here? What if a non-script-kiddie is also doing
this, but slowly enough that the firewall doesn't detect it?

Glenn English

Reply to: