Firewall performing portscans?
  •  
winkelman

I got this alert from KWF (latest version):
(I changed the host name and IP address.)

Quote:

Portscan detected
Host: firewall.domain.com (1.2.3.4)
Details: protocol: TCP, source: 1.2.3.4, destination: 217.160.183.115, 62.163.24.240, ..., ports: 61445, 64025, 61231, 60737, 6000, 61643, 62157, 61393, 62445, 62957, ...


Now I get portscan alerts more often, no problem. But, as it seems, this time it was KWF itself that performed the portscan (it is mentioned as the source). Or something else running on the KWF machine. However, I'm very confident there's no virus/malware on that machine. The only other thing running on there is Kerio Mailserver (latest version).

Could it be that Windows 2000 Server sometimes performs these scans? Should I be worried? Something else?


  •  
winkelman

No one ever had KWF report a portscan with itself being the originator of the scan?
  •  
feite

If you run a scanner on the firewall itself you can get this result.
  •  
winkelman

feite wrote on Mon, 21 November 2005 18:45

If you run a scanner on the firewall itself you can get this result.


Yes, sure. But I didn't/don't... That's what's worrying me.

I am quite sure the machine is not compromised. I can account for all running processes and services. I can scan the server all I want with virus scanners and not find anything.

So I'm hoping there's another explanation, besides an actual portscan being performed from the KWF machine.
  •  
MI

We also have an issue with our SQL servers that are constantly Port Scanning....and I am not sure why...
  •  
caspah

I'm having this exact same problem: I get alerts which state the firewall itself is conducting portscans.

Host: marconi.b****ue.com (192.168.100.6)
Details: protocol: TCP, source: 192.168.100.6, destination: 192.168.100.2, 212.106.21.20, 83.14.88.34, ..., ports: 25, 4288, 4289, 4290, 4291, 4293, 4294, 4296, 4297, 1487, ...

It's happening a few times a day lately. I will investigate and report back if I find anything.
  •  
KCAP

Yes,

We had the same log.
It was an application (Vectorworks and formZ) that was performing a portscan as a result of its license manager; this scans the whole network all the time, and every workstation does the same.

I disabled the log entry for portscans....

Teun
KCAP [NL]
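
A triage helper for alerts in the layout quoted in this thread, as an added example that is not part of any post and is not Kerio tooling. It parses the two alerts posted above, checks whether the reported source is the alerting host itself, and splits destinations into internal and external; the function and field names are illustrative.

```python
import ipaddress
import re

# Alert text copied from the two posts above (already redacted by the posters).
ALERTS = [
    """Portscan detected
Host: firewall.domain.com (1.2.3.4)
Details: protocol: TCP, source: 1.2.3.4, destination: 217.160.183.115, 62.163.24.240, ..., ports: 61445, 64025, 61231, 60737, 6000, 61643, 62157, 61393, 62445, 62957, ...""",
    """Host: marconi.b****ue.com (192.168.100.6)
Details: protocol: TCP, source: 192.168.100.6, destination: 192.168.100.2, 212.106.21.20, 83.14.88.34, ..., ports: 25, 4288, 4289, 4290, 4291, 4293, 4294, 4296, 4297, 1487, ...""",
]

HOST_RE = re.compile(r"^Host:\s*(\S+)\s*\(([^)]+)\)", re.M)
DETAILS_RE = re.compile(
    r"^Details:\s*protocol:\s*(\w+),\s*source:\s*([^,]+),\s*"
    r"destination:\s*(.*?),\s*ports:\s*(.*)$", re.M)

def _items(field):
    """Split a comma list; report whether the alert truncated it with '...'."""
    parts = [p.strip() for p in field.split(",") if p.strip()]
    return [p for p in parts if p != "..."], "..." in parts

def parse_alert(text):
    """Return a dict summarising one portscan alert for triage."""
    host = HOST_RE.search(text)
    det = DETAILS_RE.search(text)
    if not (host and det):
        raise ValueError("not a portscan alert in the expected layout")
    dests, d_trunc = _items(det.group(3))
    ports, p_trunc = _items(det.group(4))
    dest_ips = [ipaddress.ip_address(d) for d in dests]
    source = det.group(2).strip()
    return {
        "host": host.group(1),
        "source": source,
        # True when the alerting host names itself as the scan source
        "self_originated": source == host.group(2).strip(),
        "internal_dests": [str(d) for d in dest_ips if d.is_private],
        "external_dests": [str(d) for d in dest_ips if not d.is_private],
        "ports": sorted(int(p) for p in ports),
        # The alert only lists a sample; the full set is in the firewall logs
        "truncated": d_trunc or p_trunc,
    }

if __name__ == "__main__":
    for alert in ALERTS:
        print(parse_alert(alert))
```

A result with `truncated` set means the alert shows only part of the destination and port lists, so the complete picture has to come from the firewall's connection log.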