Port scanning.. should i be concerned ??

keat63 · Nov 27, 2014

Chaps.

I installed CSF this afternoon and can see 3 servers which have been port scanning.
All 3 servers are in the same data centre as my server.

all on the same subnet range

lets assume i'm on xxx.xxx.221.199
The 3 other servers were

xxx.xxx.221.8 11 hits in the last 161 seconds - *Blocked in csf* for 3600 secs
xxx.xxx.220.18 11 hits in the last 166 seconds - *Blocked in csf* for 3600 secs
xxx.xxx.220.23 11 hits in the last 276 seconds - *Blocked in csf* for 3600 secs

When i try to connected to these ip's in my browser each one is showing some form of iis7 landing page with a blue logo and welcome in various languages.

smoge · Nov 27, 2014

Report to your data center with logs

keat63 · Nov 27, 2014

I actually called the server provider, to ask if these servers were anything to do with them, maybe DNS servers or similar.
The guy confirmed that they are indeed their servers, but these are other customers servers.
I've checked again this evening and it seems that CSF has blocked them permanently

24x7ss · Nov 27, 2014

Block the IP's from which port scanning done. File Abuse complaint to your DC so that they have to take action on that servers.

keat63 · Nov 28, 2014

i've reported them this morning.
Thanks

Serra · Dec 1, 2014

As for the question, "Should you be worried?" No, you should not be worried. Port scanning is a very easy task for script using hackers. On a secure server, it really isn't all that useful or dangerous.

quizknows · Dec 2, 2014

Generally when I get reports like these in my data center, it is because the other customers have dropbox with the lansync feature enabled. Lansync sends out tons of broadcast traffic. Likely that's what it is; I'd just block them. You can be sure if your logs show port 17500 that it is dropbox and not intentionally malicious.

I usually see it on windows servers, which is consistent with you seeing IIS.

cPanelMichael · Dec 16, 2014

keat63 said:
I've checked again this evening and it seems that CSF has blocked them permanently

Right, as mentioned, the scan itself is relatively harmless. Note that if you are concerned about overall security of your system, the Security Advisor is a good place to start:

Security Advisor

Thank you.

keat63 · Dec 16, 2014

cPanelMichael said:
Right, as mentioned, the scan itself is relatively harmless. Note that if you are concerned about overall security of your system, the Security Advisor is a good place to start:

Security Advisor

Thank you.

I'm still tweaking security advisor and csf, but still have a heck of a lot to learn.

Thread starter	Similar threads	Forum	Replies	Date
S	Apple Mail client constantly blocked for port scanning	Security	19	Apr 20, 2022
	ip address scanning opened port alert	Security	2	Feb 16, 2021
	LFD and port scanning false positive	Security	1	Dec 11, 2013
N	Explout scanning ports?	Security	4	Apr 9, 2013
A	Frequent UDP_IN Blocked for Port Scanning	Security	0	Jan 4, 2013

Search

Search

Port scanning.. should i be concerned ??

keat63

Well-Known Member

smoge

Well-Known Member

keat63

Well-Known Member

24x7ss

Well-Known Member

keat63

Well-Known Member

Serra

Well-Known Member

quizknows

Well-Known Member

cPanelMichael

Administrator

keat63

Well-Known Member