psad scans... how do i stop this?


Apr 24, 2002
Ok i get this scan detection 15-30 times a day.... any one know how to stop it?

I know this has to do with cpanel/whm... the ip is coming from burst, and i have talked to several of the network admins at various times... they all agree it is becuase of whm/cpanel.

i was informed to email nick, but haven't gotten a reply back from him yet. hell i don't even know if i had the right email.

it is just really annouying.....

can anyone help?

=-=-=-=-=-=-=-=-=-=-=-=-=-= May 22 02:15:08 =-=-=-=-=-=-=-=-=-=-=-=-=-=
psad: portscan detected against (

Newly scanned UDP ports: [48426-48450] (since: May 22 02:15:08)
Newly Blocked UDP packets: [2] (since: May 22 02:15:08)
Complete TCP/UDP port range: [32812-59960] (since: May 8 00:29:37)
Total blocked packets: 32
Start time: May 21 14:24:57
End time: May 22 02:15:08
Danger level: 1 out of 5
DNS info: -&

---- Whois Information: ----
Network Operations Center Inc. (NETBLK-HOSTNOC) HOSTNOC -
BurstNET Technologies, Inc. (NETBLK-BURSTNET726) BURSTNET726 -

To single out one record, look it up with &!xxx&, where xxx is the
handle, shown in parenthesis following the name, which comes first.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at for DOMAIN related
Information and for NIPRNET Information.

=-=-=-=-=-=-=-=-=-=-=-=-=-= May 22 02:15:08 =-=-=-=-=-=-=-=-=-=-=-=-=-=


Oct 26, 2003
this is psad port scan active detection , your danger level email notification is set to 1 you may want to increase it.

$DANGER_LEVELS{'1'} = 5;
$DANGER_LEVELS{'2'} = 50;<------
$DANGER_LEVELS{'3'} = 1000;
$DANGER_LEVELS{'4'} = 5000;
my $EMAIL_ALERT_DANGER_LEVEL = 2;<-50 from same source

Seeing the ports that are being scanned, it is likely someone (or a virus/worm) looking for Windows machines to exploit. Scans "might" be a before an attemped crack, but by themselves they won't do you any harm.