Our IP address is being blocked because of a network scanner
Access Points, Linksys RV042 VPN Router, Network Scanners, Network security, WLAN, WLAN access points
Hello
We run a small business with about 20 clients on a lan and wlan
architecture. We dont have a centralized management. We have about 10
engineers who are connected to a VPN. They are using a remote
application located on a University Server. Today, I received a phone
call from their IT manager. ''We are blocking your IP adress beacause it
seems that someone in your network is scanning us with a network tool.
I am wondering if its necessarily one of the VPN client. I mean what are
the odds that one of the clients who dont know the ip of the
University, is infected and starts a network scan...
I have recomended a full install on all the client of malewarebytes...
I dont know what to do more...I have a rv042 router and a wpn4410 access
point. What more can I do to determinate the origins of the attacks.
Thanks
Software/Hardware used:
Software/Hardware used:
ASKED:
November 23, 2010 7:58 PM
UPDATED:
November 25, 2010 11:16 PM
Answer Wiki:
Check your log and events viewer files (VPN, LAN, and WLAN). If NAT is configured on the network, check the NAT log files. Your log and events viewer files is the good place to start your analysis because it keeps track of processes, transaction, etc.
But if you don't have an enable log files, it will be difficult to determine. But as a general security rule, always block ports that you're not using on the network.
To see all answers submitted to the Answer Wiki: View Answer History.
You are assuming that nobody is intentionally scanning the network, but you should consider that possibility as well. Vulnerability scanners are easy to find and download from the internet, and someone might be testing one against the univiersity’s network.