Thread: Portscan problem
View Single Post
  #1 (permalink)  
Old 04-28-2009, 06:54 AM
jenZ's Avatar
jenZ jenZ is offline
Member
  
Join Date: Mar 2004
Location: Remscheid, Germany
Posts: 72
Arrow Portscan problem
Hello everyone,

since I've had a big problem with attacs from different schools in China, I looked up all the address space that APNIC is handling and made a network group with all these networks in it. I have also made a packet filter rule on the second place of the list which drops all the traffic with logging from these addresses.

Now I still get portscan messages and the source is an address in one of those ip ranges. To be more specific. I get portscan messages from 61.139.105.163 and I double checked my entry which is 60.0.0.0/7 and that should include the ip address above.

Does anyone have ideas? Is the portscan check made before the packet filter??
__________________
2x ASG 320 V7 HA Option
Reply With Quote