Hi,
I am getting lots of High Alert of AD -External TCP Scanner... on the Action Taken tab I am seeing "denyPacketRequestedNotPerformed". I want to know what this messages mean.
The Signature fires on victim port 445. In my case, All the attackers [windows based server] are inside my network that attacks the destination 0.0.0.0 on port 445. I have already block those Attackers with ACL on my router from the most source end. But Still I am getting this signature in my report.
Want to know,
1) What this message "denyPacketRequestedNotPerformed" is?
2) Whether putting ACL in the source end is enough for this?
3) Is there any recommended Solution for this signature suppression?
Thanks in advance.
[Attached file is the Alert]
BR//
Adnan