Firewall Blocks The Main Server in Response To Port Scan Event

Discussion in 'Server Security' started by El-Sherif, Jul 3, 2004.

  1. El-Sherif

    El-Sherif Guest


    I am using Win2003 Server as a database server for both internal access
    (LAN) and Internet web server access (through an external Internet host). I
    installed firewall software to prevent any access to ports other than the
    SQL Server port 1433 and any application other than SQL Server.

    I have an internal web application on the main server (Win2k3) which is
    intended to access the database server to get/post data.

    Everything goes fine until the main server tries to port-scan the
    database server; then the firewall responds by blocking traffic from the
    main server.

    I need help with this.


    I think if I knew the protocol and/or application that responds to or
    detects port scanning, I would open only this kind of traffic to the local
    server and block this kind of traffic from any other place. Unfortunately,
    the firewall can enable/disable port scan detection only for the entire
    system, not for a specific IP.


    Thank you
    El-Sherif, Jul 3, 2004

  2. El-Sherif

    Roger Abell Guest

    This is really a question for the vendor of your firewall product.
    If there is some aspect of that firewall product that, as you have
    described, acts as a mini IDS and disables all traffic from an IP
    that is seen as scanning the firewall's IPs, then it seems you have
    the choice of using it or not using it if it does not have the ability
    to exempt that you mentioned as needed.
    Roger Abell, Jul 3, 2004
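
The per-source exemption discussed in this thread, as an added sketch that is not from either poster and does not describe how any particular firewall product works: a threshold-based scan detector that skips exempted source addresses. The addresses, threshold, time window and function name are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample connection attempts: (seconds, source IP, destination port).
# 192.168.1.10 stands in for the main server; all addresses are made up.
SAMPLE_EVENTS = [
    (0.0, "192.168.1.10", 1433), (1.0, "192.168.1.10", 135),
    (1.2, "192.168.1.10", 139), (1.4, "192.168.1.10", 445),
    (1.6, "192.168.1.10", 80), (1.8, "192.168.1.10", 3389),
    (0.5, "192.168.1.20", 1433), (3.0, "192.168.1.20", 1433),
    (2.0, "203.0.113.5", 21), (2.1, "203.0.113.5", 22),
    (2.2, "203.0.113.5", 23), (2.3, "203.0.113.5", 25),
    (2.4, "203.0.113.5", 110),
]

def sources_to_block(events, exempt=(), allowed_ports=(1433,),
                     threshold=5, window=10.0):
    """Return the source IPs a threshold-based scan detector would block.

    A source is blocked once it has touched `threshold` distinct
    non-allowed ports within `window` seconds. Sources in `exempt` are
    skipped by the detector only; the port filter would still apply to them.
    """
    exempt, allowed_ports = set(exempt), set(allowed_ports)
    recent = defaultdict(list)   # source IP -> [(timestamp, port), ...]
    blocked = set()
    for ts, src, port in sorted(events):
        # Permitted SQL Server traffic never counts toward a scan.
        if src in exempt or src in blocked or port in allowed_ports:
            continue
        # Keep only this source's hits that are still inside the window.
        hits = [(t, p) for t, p in recent[src] if ts - t <= window]
        hits.append((ts, port))
        recent[src] = hits
        if len({p for _, p in hits}) >= threshold:
            blocked.add(src)
    return blocked

if __name__ == "__main__":
    # System-wide detection: the main server is blocked along with the outsider.
    print(sorted(sources_to_block(SAMPLE_EVENTS)))
    # With the main server exempted, only the outside source is blocked.
    print(sorted(sources_to_block(SAMPLE_EVENTS, exempt=["192.168.1.10"])))
```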
