Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 38 subscribers
  • Views 592 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM - FTP Portscan

DasBill
Hallo,

ich habe hier eine UTM bei der folgendes "Problem" besteht.

Bei einem FTP Login (Port 21) auf einen meiner Zielserver innerhalb meines UTM Subnetzes erhalte ich ständig eine E-Mail über einen angeblichen Portscan dieses Verhalten tritt auf sobald eine bestimmte Anzahl an Paketen gesendet wurden.

2014:11:06-10:54:27 hostfw ulogd[13149]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="3c:61:4:69:93:18" dstmac="0:50:54:0:4d:53" srcip="home-ip" dstip="ziel-ip" proto="6" length="52" tos="0x02" prec="0x00" ttl="111" srcport="11235" dstport="443" tcpflags="SYN"
2014:11:06-10:54:27 hostfw ulogd[13149]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="3c:61:4:69:93:18" dstmac="0:50:54:0:4d:53" srcip="home-ip" dstip="ziel-ip" proto="6" length="52" tos="0x02" prec="0x00" ttl="111" srcport="11238" dstport="48018" tcpflags="SYN"
2014:11:06-10:54:31 hostfw ulogd[13149]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="3c:61:4:69:93:18" dstmac="0:50:54:0:4d:53" srcip="home-ip" dstip="ziel-ip" proto="6" length="52" tos="0x02" prec="0x00" ttl="111" srcport="11235" dstport="443" tcpflags="SYN"
2014:11:06-10:54:31 hostfw ulogd[13149]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="3c:61:4:69:93:18" dstmac="0:50:54:0:4d:53" srcip="home-ip" dstip="ziel-ip" proto="6" length="52" tos="0x02" prec="0x00" ttl="111" srcport="11238" dstport="48018" tcpflags="SYN"
2014:11:06-10:54:38 hostfw ulogd[13149]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="3c:61:4:69:93:18" dstmac="0:50:54:0:4d:53" srcip="home-ip" dstip="ziel-ip" proto="6" length="52" tos="0x02" prec="0x00" ttl="111" srcport="11257" dstport="52402" tcpflags="SYN"
2014:11:06-10:54:42 hostfw ulogd[13149]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth0" outitf="eth1" srcmac="3c:61:4:69:93:18" dstmac="0:50:54:0:2d:53" srcip="home-ip" dstip="ziel-ip" proto="6" length="52" tos="0x02" prec="0x00" ttl="111" srcport="11257" dstport="52402" tcpflags="SYN"


Zu dem würde ich gerne wissen ob man irgendwie Anfragen
die durch die UTM (Intrusion Prevention + Advanced Threat Protection) beschleunigen könnten da die Ladezeit von Webseiten einen ticken schneller sein könnten.



Viele Grüße

DasBill


This thread was automatically locked due to age.
Unfiltered HTML