Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Jul 2013
    Posts
    10

    Default Rule to log port scans

    I've noticed from time to time that my IP will get multiple ports scanned from the same hosts it there anyway to set up a rule that logs any hosts who scans for multiple open ports?

  2. #2
    Newbie
    Join Date
    Jul 2013
    Posts
    10

    Default

    Follow up Question:

    If I set up a rule on the firewall like

    Source Address is 1.1.1.1
    Action Type: Pass
    Flag = Yes

    Will this open every port to 1.1.1.1 or Will it just log every port 1.1.1.1 accesses?

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Probably neither. If you are running NAT no inbound traffic is allowed regardless unless you explicitly port forward.
    In this case the sessions are rejected and they don't reach the apps so firewall rules have no effect.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untanglit
    Join Date
    May 2008
    Posts
    16

    Default

    I posted in a different thread before reading this. Is there any way to log or see what connection attempts are occurring?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2