ConfigServer Security & Firewall - csf v5.49: HOW TO READ FIREWALL EMAIL?
$30-5000 USD
Cancelled
Posted almost 12 years ago
$30-5000 USD
Paid on delivery
Hi,
See below... an email that comes from our firewall. This IP address was blocked for port scanning. Can somebody tell me what ports they were trying to get in on, and how to interpret this?
See bleow:
-----Original Message-----
From: <firewall-monitor@[login to view URL]>
[mailto:firewall-monitor@[login to view URL]]
Sent: Tuesday, April 10, 2012 12:52 PM
To: <firewall-messages@[login to view URL]>
Subject: lfd on [login to view URL]: [login to view URL] (US/United
States/[login to view URL]) blocked for port scanning
Time: Tue Apr 10 12:51:48 2012 -0400
IP: [login to view URL] (US/United States/[login to view URL])
Hits: 11
Blocked: Temporary Block
Sample of block hits:
Apr 10 12:50:28 server kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=
MAC=bc:30:5b:e1:23:61:00:0c:db:f8:2d:00:08:00 SRC=[login to view URL]
DST=[login to view URL] LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=54895 DF PROTO=TCP
SPT=1950 DPT=8059 WINDOW=65535 RES=0x00 SYN URGP=0 Apr 10 12:50:31 server
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=