I'm not sure if this is true or not but on my monitoring messages for my firewall I notice a log of deny udp/icmp packets coming from the same 3-4 ip addresses. this has been going on for about an hour now what can I do to stop that? Is someone running a port scan trying to break into my firewall?
ping/port scans are a dime a dozen on the Internet. That doesn't mean they should be taken lightly though, as they are usually the sign of some sort of reconnaissance attack. As long as your firewall is blocking them, that is fine. If you have something in front of your firewall that can block pings, you can block them before they even hit your firewall.
hi there , being happy the firewall is doing the job of blocking unsolicited host is just not enough as a network admin. Just think of a stranger nocking your home door for two hours three or four hours, you would definately seek to find out more and take some action. This is something you would record and log and not just let it go but watch your logs, one thing you could do is to take notes of that external host IP addres and find which ISP is providing the IP address, you could search "whois" database , that,will provide you with which ISP is the IP block under and report to abuse records on the ISP side.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...