Security Basics mailing list archives
Aladdin eSafe Internet security Appliances - active scan
From: Noah.Lance () APCC com
Date: Thu, 12 Feb 2009 16:43:51 -0600
I discovered a device that was actively and aggressively scanning my computer. I did an nmap OS ID and it came out as an Aladdin eSafe Appliance (Linux 2.4 Linux 2.6). Looked at their site and it doesn't appear that they have any active type appliances. They all seem to be passive filter type appliances. http://www.aladdin.com/esafe

As soon as I noticed this I opened up Wireshark and decided to watch any packets with src or dst of the IP. In less than 400 seconds it scanned 11,376 ports consecutively on another computer and then began scanning the next one. It went from IP 255.255.255.98 to ...84 to ...37, so that seemed fairly random, but I didn't bother to break it down either. Still with the same aggressive scan pattern.

Curious if we can shed some light on a gateway/content filtering appliance doing an active scan of the internal network, over an IPSec tunnel (possibly three, but the other hops are out of my AOR). Some of the packets did come up as malformed with a correct checksum, and there were a few SYN/FIN packets out there as well.

Thanks for the time all.
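An added example, not part of the original post: one way to turn a capture like the one described into numbers (distinct ports per source/destination pair, scan rate, sequential port numbering, SYN+FIN packets). The tuple layout, function names and the 192.0.2.x addresses are assumptions made for this sketch, and the sample capture is constructed to mirror the figures in the post.

```python
from collections import defaultdict

SYN, FIN = 0x02, 0x01  # TCP flag bits

def summarize_scans(packets, min_ports=100):
    """packets: iterable of (timestamp, src, dst, dst_port, tcp_flags).
    Returns one summary per (src, dst) pair that touched >= min_ports ports."""
    flows = defaultdict(lambda: {"ports": set(), "first": None, "last": None, "synfin": 0})
    for ts, src, dst, dport, flags in packets:
        f = flows[(src, dst)]
        f["ports"].add(dport)
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
        if flags & SYN and flags & FIN:  # never set together in normal TCP
            f["synfin"] += 1
    out = []
    for (src, dst), f in flows.items():
        if len(f["ports"]) < min_ports:
            continue  # ordinary client traffic touches few ports
        ports = sorted(f["ports"])
        run = best = 1
        for a, b in zip(ports, ports[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        duration = f["last"] - f["first"]
        out.append({"src": src, "dst": dst, "distinct_ports": len(ports),
                    "duration_s": duration,
                    "ports_per_s": len(ports) / duration if duration else float("inf"),
                    "longest_consecutive_run": best,
                    "syn_fin_packets": f["synfin"]})
    return sorted(out, key=lambda r: r["distinct_ports"], reverse=True)

def constructed_capture():
    """Constructed sample: ports 1..11376 swept in 400 s, plus normal traffic."""
    pkts = [(i * 400 / 11375, "192.0.2.10", "192.0.2.98", i + 1, SYN)
            for i in range(11376)]
    pkts.append((12.0, "192.0.2.10", "192.0.2.98", 80, SYN | FIN))
    pkts += [(float(t), "192.0.2.50", "192.0.2.98", 443, SYN) for t in range(5)]
    return pkts

if __name__ == "__main__":
    for row in summarize_scans(constructed_capture()):
        print(row)
```

Rows exported from a real capture can be fed to `summarize_scans` in place of the constructed list.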