Debian Squeeze (?) very old anyway, Dell server, Juniper SSG5 firewall. 1,000 miles away.
I've started getting email from the firewall down there saying that it detected a port scan. Often enough of them to concern me -- several times a day. -- One just came in. Another 4 hours ago. From different IPs, from different (RIPE) countries. -- Is there any way to stop them? AFAIK, there isn't. I sure can't think of a way. The 'JuniperUsers list' says to talk to my upstream ISP. But I don't see how that would help if they can't do anything either (they also use Juniper). The firewall blocks them after it sees 10 hits from the same IP in 5000 microseconds. But by then Nmap (or eq) has hit 10 ports. Am I overly paranoid here? What if a non-script-kiddie is also doing this, but slowly enough that the firewall doesn't detect it? -- Glenn English
