Hello Everyone, I am seeing many suspicious port scans from India, China, and Mexico. All are dropped at the external interface of our firewall (Checkpoint VPN-1/FW-1 v.4.1, SP2), except for a number of packets similar to below:
.. accept Exchange_ports_1 202.122.224.234 XXX.XXX.XXX.XXX tcp 0 *Where XXX.XXX.XXX.XXX represents our range of external IP addresses, and 0 refers to the Implied Rules. There is no Implied rule that allows an Any to Any connection, or a specified rule involing the Exchange_ports_1 services. Anyone ever have similar circumstances? Any ideas? Thanks, Robert =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
