The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can we locate malicious port-scanner on server?

Discussion in 'General Discussion' started by jols, Sep 10, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Just received this via email today:

    "This IP address, xxx.xx.x.xx (our server IP went here), is constantly doing port scans and trying to get into my firewall. Please resolve this matter ASAP."

    I assume this is due to some goofball uploading a malicious port-scanner, probably written in binary, probably in a hidden directory, etc.

    Question - How can we look for this? Netstat? (I know very little about how to use Netstat.)

    By the way, I just ran the latest version of rkhunter and everything looks good there.

    Thanks for any response.
     
Loading...

Share This Page