05-28-2014 04:49 AM
In my firewall logs I have events detected as threats from this IP:
Source IP: 126.96.36.199 Spain
From Zone: Untrust
to my web server:
Destination IP: 195.77.XX.XX
Destination Port: 80
To Zone: DMZ
Multiple Vulnerabilities Types Targeting a Single Source
Acunetix Web Vulnerability Scanner Detection
Microsoft IIS Escaped Characters Decoding Command Execution Vulnerability
HTTP Directory Traversal Vulnerability
Microsoft Windows win.ini access attempt
Generic HTTP Cross Site Scripting Attempt
HTTP Cross Site Scripting Attempt
Microsoft SharePoint scriptresx.ashx Cross-site Scripting Vulnerability
How can I avoid or prevent this type of vulnerability scanning? Or what recommendations do you suggest?
05-28-2014 05:36 AM
First, you can activate DSRI on the security rule, which will prevent analysis of your server's answers.
Or you can create a custom profile for this rule.
Finally, in your global profile you can disable some alerts.
05-29-2014 08:45 AM
Here is a doc that explains how to exempt an IP address from a threat profile:
How To Add Exempt IP Addresses From the Threat Monitor Logs
You can use the above doc so it will not scan that.
Here is another useful doc regarding threat prevention.
Threat Prevention Deployment Tech Note
Let us know if this helps.