Products & Services
I get lot of intrusion attempts to my firewall. I wonder what that might be. Today I got Nmap tcp scan attempt from ip address 220.127.116.11 also from 18.104.22.168, 22.214.171.124, 126.96.36.199 and yesterday from ip addresses 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124. Should I be worried about these or just not ignore???
If this is a business version of F-Secure:
There was an issue about a year ago where several computers on a company network started alerting about Nmap scans. They all had F-Secure Client Security. To make a long story short they finally contacted the ISP for the "attacking" IP-addresses because they were all coming from the same domain. Their response:
"It has come to our attention that F Secure interprets harmless port calls (against torrent clients, streaming media or other applications) as NMap Scan. We get a lot of complaints from our and other customers in Sweden regarding NMAP scan, and everyone uses F Secure."
The software in this case that caused F-Secure to alert about Nmap scans, was Spotify.
You could change the setting for this type of alert to only block and log. However, if you're not using any P2P software there's a possibility that the alerts are correct.
Strangely I haven't seen any comment from F-Secure about this yet...
it is F-Secure Client Security 9.01. Thankey for your replies!
windows firewall is not in use...
Hello @Ashley ,
Note that Client security in version 9.X is not supported anymore and therefore not secure.
Make sure you update to a supported version.
@Simon @NikK thank you for the heads-up and the input.
PS: I moved the post to the correct board.
A large number of firewall alerts (of intrusion), indicates you have machines without antivirus or infected machines. In a few cases, also can be an applicatin where use instrusion code.
The best to do in this case, it is atualize the F-Secure antivirus in the last version (Client Security 11.60 - where use the last version of Deep Guard) in all computers and after this, do a manual scan.