Allow some port scan

I got a HP Photosmart C5100 series printer / scanner. This scanner is plugged onto our network, and have its own IP. For that to work all the computers have a little app / server thingy running. The “demands” are a lot of ports for some reason. And now I can see that the printer scans once in a while these ports.

Date/Time :2007-08-25 09:44:38
Severity :High
Reporter :Network Monitor
Description: UDP Port Scan
Attacker: 192.168.1.50 
Ports: 33796, 27140, 27396, 27908, 28164, 28420, 28932, 29188, 29444, 29700, 29956, 30212, 30468, 30724, 30980, 31236, 31492, 31748, 32004, 32260, 32516, 32772, 33028, 33284, 33540, 21925, 27070, 29861, 21885, 22516, 27134, 30373, 22357, 21933, 27039, 29861, 22357, 54765, 31126, 29861, 21973, 21925, 27030, 30117, 21853, 30125, 27030, 30373, 21973, 21933 
The attacker has been temporarily blocked

So its get blocked :smiley: Well I would rather no have to remove the port scanning protection feature (I love it)… But can I allow one IP to do it :slight_smile:

Thx - Best firewall ever.

Hi.
Is there a prozess? Because if yes, I know the answer.
Regards

Typically, you need to include the printer’s IP address as part of your network’s Zone that has been defined as a Trusted Network; thus allowing unimpeded communication back and forth. That takes care of the Network Monitor.

For Application Monitor, you will need to make sure you have Allowed whatever related software is needed (your little “app/server thingy”… :wink: ) and also the Windows print spooler service. On any of those entries, I would recommend selecting the option to “Allow All Activity” rather than defining each aspect of it. Then in the Miscellaneous tab, select “Skip Advanced Security Checks” and “Allow Invisible Connections.”

You still may have some port scan problems, as for some reason networked printers seem to do that a lot. You might ask HP how you can decrease the printer’s activity on that end; perhaps there is a control for it. You can increase the threshold in CFP, regarding port scan detection, the reaction time, and so on, to help reduce the problem.

Hope that helps,

LM

PS: Looking at HP’s website, it appears that there may be some networking settings within the HP software interface; you may be able to do some configuring there.