So, today CIS5's Firewall (Level set to Safe Mode) reported me about a chinese (http://www.ip-adress.com/ip_tracer/220.127.116.11
), who wanted to connect with my MySQL database.
Thus my server was not set up, my MySQL was just standing by, but luckily contained no data...
So I Googled for "Port 3306", comes out, chinese bot did a port scan on me and, when it found out that MySQL was on and listening to port 3306, bot tried to connect to me. Of course I blocked it. But I'm wondering, CIS5 doesn't offer any protection against port scans? What about flood attacks? Or if it does, then where is it and how to set it up?Port scans are often protected through a firewall. A firewall monitors the connections both incoming and outgoing through your computer. One solution that a firewall may enact is opening all the ports and stop port scans from returning any ports. This may work in many cases, but now Port scans have new ways such as ICMP and NULL scans. It is best to investigate all ports that are open, but filtering all port scans to your computer is another approach.