How can we locate malicious port-scanner on server?

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Just received this via email today:

"This IP address, xxx.xx.x.xx (our server IP went here), is constantly doing port scans and trying to get into my firewall. Please resolve this matter ASAP."

I assume this is due to some goofball uploading a malicious port-scanner, probably written in binary, probably in a hidden directory, etc.

Question - How can we look for this? Netstat? (I know very little about how to use Netstat.)

By the way, I just ran the latest version of rkhunter and everything looks good there.

Thanks for any response.