Hi list! In my SP console I see a lot of TCP_Port_Scan events for Internet IPs to my local IPs. I suppose that this are false positives because of HTTP replies from visited Web-sites, but unfortunately I can't figure out if it's so, because SP (and it's strange) does not show attacker's source port in event details... Does anybody can recommend something to help me investigate these TCP_Port_Scan events.
May be someone have experience in tuning TCP_Port_Scan event? Any feedback will be welcome. Thanks! --- Best regards, Sergey V. Soldatov. Information security department. tel/fax +7 495 745 89 50 tel +7 495 777 77 07 (1613) _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
