Re: firewall intrusion attempts
Could someone move this to the correct board, please?
I get lot of intrusion attempts to my firewall. I wonder what that might be. Today I got Nmap tcp scan attempt from ip address 184.108.40.206 also from 220.127.116.11, 18.104.22.168, 22.214.171.124 and yesterday from ip addresses 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168. Should I be worried about these or just not ignore???
If this is a business version of F-Secure:
There was an issue about a year ago where several computers on a company network started alerting about Nmap scans. They all had F-Secure Client Security. To make a long story short they finally contacted the ISP for the "attacking" IP-addresses because they were all coming from the same domain. Their response:
"It has come to our attention that F Secure interprets harmless port calls (against torrent clients, streaming media or other applications) as NMap Scan. We get a lot of complaints from our and other customers in Sweden regarding NMAP scan, and everyone uses F Secure."
The software in this case that caused F-Secure to alert about Nmap scans, was Spotify.
You could change the setting for this type of alert to only block and log. However, if you're not using any P2P software there's a possibility that the alerts are correct.
Strangely I haven't seen any comment from F-Secure about this yet...
A large number of firewall alerts (of intrusion), indicates you have machines without antivirus or infected machines. In a few cases, also can be an applicatin where use instrusion code.
The best to do in this case, it is atualize the F-Secure antivirus in the last version (Client Security 11.60 - where use the last version of Deep Guard) in all computers and after this, do a manual scan.