port scans (OT?)



Debian Squeeze (?) very old anyway, Dell server, Juniper SSG5
firewall. 1,000 miles away.

I've started getting email from the firewall down there saying that it
detected a port scan. Often enough of them to concern me -- several
times a day.

-- One just came in. Another 4 hours ago. From different IPs, from
different (RIPE) countries. --

Is there any way to stop them? AFAIK, there isn't. I sure can't think of a way.

The 'JuniperUsers list' says to talk to my upstream ISP. But I don't
see how that would help if they can't do anything either (they also
use Juniper).

The firewall blocks them after it sees 10 hits from the same IP in
5000 microseconds. But by then Nmap (or eq) has hit 10 ports.

Am I overly paranoid here? What if a non-script-kiddie is also doing
this, but slowly enough that the firewall doesn't detect it?

--
Glenn English
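
The threshold rule described in the post (10 hits from one IP in 5000 microseconds) next to a long-window count of distinct destination ports, which also flags a scan that is too slow for the burst rule. This is an added example, not part of the original post and not Juniper's implementation; the event tuples, the 24-hour window, and the function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

def burst_scanners(events, hits=10, window_us=5000):
    """IPs with at least `hits` packets inside `window_us` microseconds (the rule in the post)."""
    recent, flagged = defaultdict(deque), set()
    for ts_us, ip, _port in sorted(events):
        q = recent[ip]
        q.append(ts_us)
        while ts_us - q[0] > window_us:      # drop hits older than the window
            q.popleft()
        if len(q) >= hits:
            flagged.add(ip)
    return flagged

def slow_scanners(events, ports=10, window_us=24 * 3600 * 10**6):
    """IPs that touched at least `ports` distinct destination ports inside a long window."""
    recent, flagged = defaultdict(deque), set()
    for ts_us, ip, port in sorted(events):
        q = recent[ip]
        q.append((ts_us, port))
        while ts_us - q[0][0] > window_us:
            q.popleft()
        if len({p for _, p in q}) >= ports:  # breadth of ports, not packet rate
            flagged.add(ip)
    return flagged

def sample_events():
    """Constructed (timestamp_us, source_ip, dest_port) tuples using documentation addresses."""
    ev = [(i * 300, "203.0.113.5", 20 + i) for i in range(12)]              # 12 ports in 3.3 ms
    ev += [(i * 600 * 10**6, "198.51.100.7", 20 + i) for i in range(12)]    # one port every 10 min
    ev += [(i * 10**6, "192.0.2.9", 443) for i in range(30)]                # one service, 1 hit/s
    return ev

if __name__ == "__main__":
    ev = sample_events()
    print("burst rule:        ", sorted(burst_scanners(ev)))
    print("distinct-port rule:", sorted(slow_scanners(ev)))
```

The client that repeatedly hits a single port is flagged by neither rule, because the second rule keys on how many different ports a source touches rather than on how fast packets arrive.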