Endpoint Protection

I have a problem on blocked sites on my firewall, it says that the reason is "port scan attack". on our office the firewall blocks several PC's/IP.
Please help on how to solve this problem.

What sep version are you using ?

"Port Scan Attack!!!" log entry for the Symantec Firewall/VPN Appliance explained

http://www.symantec.com/business/support/index?page=content&id=TECH80213

is it a valid ip?

internal or extrenal?

we have computers in a network with watchguard xtm505 firewall,
most of computers inside the office is being blocked; reason os: port scan attack..
then i manually unblock them from firewall manager..is there any solution to that?. i really need help. I dont have any idea on how to solve this

hi, have check attached artical

Port Scan Attack!!!" log entry for the Symantec Firewall/VPN Appliance explained

http://www.symantec.com/business/support/index?page=content&id=TECH80213

Check this thread

https://www-secure.symantec.com/connect/forums/port-scan-attack-logged

https://www-secure.symantec.com/connect/forums/port-scan-attack-blocking-3-5-every-minute

look Friend

You have 2 options.

You Disables pa SSH port of your AP
Or you Muda Gate.

Example: Porta22, you colaca Port: 122


Here I had many attempts tmb invasion.

I changed the doors snifer ended.

I hope I helped

replace doors, as if it is being done with NMAP qe is likely, he can circumvent the firewall, and no safe solution that except when you study it thoroughly and can circumvent the very NMAP

do not set to block. let it be informative. if the attack is from outside then block the traffic

If the attacker renew ip, no good block, best option is to replace the doors.
better yet make a SCNA port on your pc with nmap-sV [ip] check their doors open and change.

doors open is not a sign of vulnerability, but it can be exploited.
the best recommendation is to replace the doors. example, the command nmap-sF-g 53 [ip] can brular any firewall, but if the doors are exchanged, complicates the job of the striker, if he commit yet, do an audit because the attack is someone you know.

hugs

your product to latest built with all features (AV/AS / PTP /NTP )
 
Till date releases
 
http://bit.ly/m0vOJp
 
Your windows machine should be well updated with microsoft patches.
 

By default, the Symantec Firewall/VPN Appliances (all models) prevent all access initiated from outside the protected network. Any outbound requests originating inside the protected network are allowed through the firewall, and inbound responses to these requests are passed back to the requestor. In this default state, any traffic that is directed at the external (public, or Internet-facing) interface of the SFVPN, is blocked.

If you configure the Virtual Server or Custom Virtual Server functions of the firewall, inbound traffic is allowed through on the ports you specify, and traffic is sent to the computers you specify.

In either scenario, the "Port Scan attack" log entry appears any time that there is inbound traffic to ports not specifically allowed to the external interface of the firewall. These notifications are informative and should not cause concern.

you can use ''http://flyproxy.com'' for teporary to visit the site which is blocked by firewall.. its may be work..