Hello,
I have some customers who can't access their networked printers because SEP 11.0.7200 is blocking due to what NTP believes is a Port Scan attack.
See below:
Event Description:
| Somebody is scanning your computer. Your computer's TCP ports: 56902, 56899, 56901, 56900 and 56897 have been scanned from IP. |
Attack Type:
| Port Scan |
Network Protocol: TCP
Traffic Direction: Inbound
Send SNMP trap: 1
Remote Host Name:
Hack Type: 0
Application Name:
I found a couple articles, one suggested disabling the Dell Advanced Networking Service (sadly this service does not exist). Another suggested an issue with UPnP (is there a way to disable UPnP on the printer).
**I do not want to bandaid this by adding an exception for that printer or adding an Intrusion Prevention exception (I found those suggestions as well).
I'd like to figure out what the issue is and either make a global change on the SEPM (that does not leave me unprotected by NTP) or determine if this is a printer configuration issue, and have the field techs remediate all the printers.
Any thoughts from you brilliant SEP/M experts??
Thanks,
-Mike
P.S. Upgrading to SEP 12.1.2 is also an option if it is a suggested fix.