I managed to find out that it's my company's domain controller that is doing the portscan; however, a check with the documentation reveals that it shouldn't take place at all. Obviously, it's a manual attempt by some unknown personality in the company.
Also, the following things took place whilst this portscan was initiated.
A Jolt attack was detected by my firewall in the LAN.
A fragment attack was also detected.
My laptop bugchecked.
After 1 hr of failed attempts to portscan me, my LAN was disabled.
I just joined the company as a system administrator a few weeks ago and the domain controller is in my control... yet such things happened. Thus, I suspect it to be an insider job. Is it possible for me to detect the person who is using the server to do the portscan? Also, I'm aware of some programmes where you can reboot the computer from a network plus banning the MAC. Are there any methods of policy which I could configure to prevent all these from happening?
My main suspicion is a hacker from an external network who may have gained control of my DC...