Port scan from an internal network address..How to stop

Status
Not open for further replies.

spyder74

IS-IT--Management
Oct 22, 2002
8
CA
We have someone port scanning our firewall that is using a generic internal address 192.168.0.5.
Any ideas of how to stop him from doing this?
Or ways of tracking him/her.


Thanks
Peter
 
Is the attack actually coming from your internal network? If so, just track the workstation, and give the user a smack. If it's on the external interface, then I really don't think it's a big deal, as this is most likely a spoofed address considering that the firewall cannot route to an internal address like that through its external interface.
Some port scanners, such as nmap, have a "decoy feature". The port scan will come from one IP address, but it will also send the same scan from a spoofed address. Add 5 or 6 decoys, and it would be hard to tell where the actual scan was coming from.
Look for identical scans from a different IP address, and you may find the offender.
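The correlation suggested in the reply above can be sketched as follows. This is an added example, not code from either poster; the log format, interface names and sample addresses are constructed assumptions. It groups external-interface sources that probed an identical set of targets and separates RFC 1918 sources, which cannot be genuine on that interface, from routable ones.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges: never routable from the Internet, so a packet carrying one
# of these as its source on the external interface must be spoofed.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (assumed format): "epoch iface src_ip dst_ip dst_port"
SAMPLE_LOG = """\
1000 ext 192.168.0.5 203.0.113.10 22
1000 ext 198.51.100.23 203.0.113.10 22
1000 ext 198.51.100.77 203.0.113.10 22
1001 ext 192.168.0.5 203.0.113.10 23
1001 ext 198.51.100.23 203.0.113.10 23
1001 ext 198.51.100.77 203.0.113.10 23
1002 ext 192.168.0.5 203.0.113.10 80
1002 ext 198.51.100.23 203.0.113.10 80
1002 ext 198.51.100.77 203.0.113.10 80
1003 ext 192.0.2.50 203.0.113.10 443
1004 int 192.168.0.9 203.0.113.10 80
"""

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def scan_cohorts(log, min_ports=3):
    """Return groups of external-interface sources that probed identical targets."""
    probes = defaultdict(set)                    # src -> {(dst, port), ...}
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, iface, src, dst, port = line.split()
        if iface == "ext":                       # internal traffic is out of scope here
            probes[ipaddress.ip_address(src)].add((dst, int(port)))
    groups = defaultdict(list)                   # identical target set -> sources
    for src, targets in probes.items():
        if len(targets) >= min_ports:            # ignore one-off connections
            groups[frozenset(targets)].append(src)
    return [{
        "ports": sorted({p for _, p in targets}),
        "spoofed": sorted(str(s) for s in srcs if is_rfc1918(s)),
        "candidates": sorted(str(s) for s in srcs if not is_rfc1918(s)),
    } for targets, srcs in groups.items() if len(srcs) > 1]

if __name__ == "__main__":
    for cohort in scan_cohorts(SAMPLE_LOG):
        print(cohort)
```

The "candidates" list can still contain routable decoy addresses, so it narrows the search rather than naming the scanner.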
 