• Take 30 seconds to register your free account to access deals, post topics, and view exclusive content!

    Register Today

    Join the largest Oakley Forum on the web!

Port scans from this site

Status
Not open for further replies.

AlanH

I should Work at Oakley
742
1,593
So my net security suite keeps blocking the forum as of late because its detection of a port scan by the site. Coming from the ip 158.106.190.207

Anyone else have this happen?
 
I mean the IP you listed is the site, no reason for it to be blocked though, it's our server and no one else. Does it provide any reason for blocking the IP? Have never heard of this before
 
I am thinking it's a false positive detection because it just started, my symantec end point security software pops up periodically saying port scan detected from the ip, blocking for 600s. It did not previously do that
 
I am thinking it's a false positive detection because it just started, my symantec end point security software pops up periodically saying port scan detected from the ip, blocking for 600s. It did not previously do that

Interesting, did a quick search and it said symantec looks at if multiple ports receive data in a short amount of time. I'm wondering if the data from the site is just downloading in parallel and hence the trigger. I can assure you the site is not scanning anyones computers, nor do we have any desire to. Will look into this further and see what I can find out.
 
I was thinking it could be triggered by an attachment hosting from a third party site. But yes I was doubtful it was anything with the site directly and more a signature issue or hueristic tuning problem.
 
This is what I do for a living, I just have not done to much digging with my tools at the moment
 
Status
Not open for further replies.

Latest Posts

Back
Top