HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Daily System Identification causes port scan f...
Server Management - Systems Insight Manager
1830463
Members
2340
Online
110005
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2007 07:48 AM
05-22-2007 07:48 AM
Daily System Identification causes port scan from DMZ
The scheduled job for daily system identification runs at the default time of 4:05PM every day.
I have a very small number of servers and it doesn't effect performance at all, so I don't really care to change the run time.
However, I have SIM manage the few systems we have in the DMZ at two different sites. All routing, firewall and VPN services are provided by a SonicWALL Pro2040 at each site. The SonicWALL at the site that houses our production systems (including the SIM 5.1 server) alerts me every day at 4:05 that the one server in that site's DMZ (our production web server for a hosted J2EE application) is attempting a port scan back to the SIM server. I'm not worried about it being a security problem, as it is obviously being generated by this SIM job, but I just want to get rid of the "wolf cry".
The interesting thing is, the two web servers at the backup site, that are identical in every way to the production server, don't generate this error from that sites' SonicWALL.
Anyone else have a similar configuration / issue?
I have a very small number of servers and it doesn't effect performance at all, so I don't really care to change the run time.
However, I have SIM manage the few systems we have in the DMZ at two different sites. All routing, firewall and VPN services are provided by a SonicWALL Pro2040 at each site. The SonicWALL at the site that houses our production systems (including the SIM 5.1 server) alerts me every day at 4:05 that the one server in that site's DMZ (our production web server for a hosted J2EE application) is attempting a port scan back to the SIM server. I'm not worried about it being a security problem, as it is obviously being generated by this SIM job, but I just want to get rid of the "wolf cry".
The interesting thing is, the two web servers at the backup site, that are identical in every way to the production server, don't generate this error from that sites' SonicWALL.
Anyone else have a similar configuration / issue?
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2007 11:20 AM
05-22-2007 11:20 AM
Re: Daily System Identification causes port scan from DMZ
Hi Andrew,
You should try and resolve this instead of masking as there might be a small chance it might be real in the future.
Whats interesting is my your webserver is reported to be doing the scan when it should be the SIM server.
Whats running on this webserver other than your web application?
Or why not remove the webserver from SIM ID scan?
Jov
You should try and resolve this instead of masking as there might be a small chance it might be real in the future.
Whats interesting is my your webserver is reported to be doing the scan when it should be the SIM server.
Whats running on this webserver other than your web application?
Or why not remove the webserver from SIM ID scan?
Jov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2007 03:31 AM
05-23-2007 03:31 AM
Re: Daily System Identification causes port scan from DMZ
I definitely don't want to mask the problem, I want to understand it.
Here's the error from the SonicWALL:
05/22/2007 16:05:12.368 - Alert - Intrusion Prevention - Possible port scan detected - 10.0.11.3, 9990, X2 - 10.0.10.9, 3969, X0 - TCP scanned port list, 3916, 3926, 3929, 3954, 3963
11.3 is the DMZ web server
10.9 is the SIM server
The web server is generating the scan from port 9990.
Another good question is: What exactly is the Daily System Identification job doing?
Here's the error from the SonicWALL:
05/22/2007 16:05:12.368 - Alert - Intrusion Prevention - Possible port scan detected - 10.0.11.3, 9990, X2 - 10.0.10.9, 3969, X0 - TCP scanned port list, 3916, 3926, 3929, 3954, 3963
11.3 is the DMZ web server
10.9 is the SIM server
The web server is generating the scan from port 9990.
Another good question is: What exactly is the Daily System Identification job doing?
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP