TCP_IN Blocked portscan : 1 source MAC for differents IP over the world ?

Post Reply
idratis3
Junior Member
Posts: 27
Joined: 07 May 2017, 11:36

TCP_IN Blocked portscan : 1 source MAC for differents IP over the world ?

Post by idratis3 »

Hello
I have a mail user witch IP is continuously TCP_IN blocked for portscan.
When I look at the log it uses an MAC-destination:MAC-source:Mac-type combination that is always the same but with different IP all over the world.
But my mailuser says he has a fixed IP !
Does anyone know what is happening ?
Thanks for your help.
Marc
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14
Contact:

Re: TCP_IN Blocked portscan : 1 source MAC for differents IP over the world ?

Post by Black Tiger »

MAC? Oh yeah. I had the same issue with a Mac user. It might be the same problem your user is having.
Mine had an older version of the Mac OS. The older mail version on that OS try's to login in to *any* mail port available when checking for new mail.
Combined with the fact that some fools set their mail check time to once a minute and there is your portscan.

In my case I advised to upgrade to OS X (if I remember correctly) or try to setup the mail program to only use 1 port, so not to use any "automatic" setting.

I hope you already fixed it before reading this, otherwise this might be of help.
Another option is to disable the port scan option.
Post Reply