Avoid scanning threat vulnerabilities

Reply
Highlighted
L4 Transporter

Avoid scanning threat vulnerabilities

Hello

I have in my firewall logs events detected as a threat of this IP:

Source IP:    84.88.91.1    Spain

From Zone: Untrust

to my web server:

Destination IP:    195.77.XX.XX

Destination Port:    80

To Zone: DMZ

Multiple Vulnerabilities Types Targeting a Single Source

Acunetix Web Vulnerability Scanner Detection

Microsoft IIS Escaped Characters Decoding Command Execution Vulnerability

HTTP Directory Traversal Vulnerabilit

Microsoft Windows win.ini access attempt

Generic HTTP Cross Site Scripting Attempt

HTTP Cross Site Scripting Attempt

Microsoft SharePoint scriptresx.ashx Cross-site Scripting Vulnerability

How can I avoid or prevent this type of vulnerability scanning? or what recommendations do you suggest me?

Thank you.

dicu

L5 Sessionator

Re: Avoid scanning threat vulnerabilities

Hi,

First you can activate on the security rule the DSRI which will prevent analyse on your server answer.

Or you can create a custom profile for this rule

At the end on your global profile you can disable some alert.

Hope help

V.

L5 Sessionator

Re: Avoid scanning threat vulnerabilities

Here is a doc that explains on how to exempt an ip address from threat profile

How To Add Exempt IP Addresses From the Threat Monitor Logs

You can use the above doc so it will not scan that.

Here is another useful doc regarding threat prevention.

Threat Prevention Deployment Tech Note

Let us know if this helps.

Thanks

Numan

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!