I have in my firewall logs events detected as a threat of this IP:
Source IP: 220.127.116.11 Spain
From Zone: Untrust
to my web server:
Destination IP: 195.77.XX.XX
Destination Port: 80
To Zone: DMZ
Multiple Vulnerabilities Types Targeting a Single Source
Acunetix Web Vulnerability Scanner Detection
Microsoft IIS Escaped Characters Decoding Command Execution Vulnerability
HTTP Directory Traversal Vulnerabilit
Microsoft Windows win.ini access attempt
Generic HTTP Cross Site Scripting Attempt
HTTP Cross Site Scripting Attempt
Microsoft SharePoint scriptresx.ashx Cross-site Scripting Vulnerability
How can I avoid or prevent this type of vulnerability scanning? or what recommendations do you suggest me?
First you can activate on the security rule the DSRI which will prevent analyse on your server answer.
Or you can create a custom profile for this rule
At the end on your global profile you can disable some alert.
Here is a doc that explains on how to exempt an ip address from threat profile
You can use the above doc so it will not scan that.
Here is another useful doc regarding threat prevention.
Let us know if this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!