Just received this via email today:
"This IP address, xxx.xx.x.xx (our server IP went here), is constantly doing port scans and trying to get into my firewall. Please resolve this matter ASAP."
I assume this is due to some goofball uploading a malicious port-scanner, probably written in binary, probably in a hidden directory, etc.
Question - How can we look for this? Netstat? (I know very little about how to use Netstat.)
By the way, I just ran the latest version of rkhunter and everything looks good there.
Thanks for any response.
"This IP address, xxx.xx.x.xx (our server IP went here), is constantly doing port scans and trying to get into my firewall. Please resolve this matter ASAP."
I assume this is due to some goofball uploading a malicious port-scanner, probably written in binary, probably in a hidden directory, etc.
Question - How can we look for this? Netstat? (I know very little about how to use Netstat.)
By the way, I just ran the latest version of rkhunter and everything looks good there.
Thanks for any response.