
psad scans... how do i stop this?

Discussion in 'General Discussion' started by rava, May 22, 2002.

  1. rava

    rava Member

    Apr 24, 2002
    OK, I get this scan detection 15-30 times a day.... Anyone know how to stop it?

    I know this has to do with cpanel/whm... the IP is coming from burst, and I have talked to several of the network admins at various times... they all agree it is because of whm/cpanel.

    I was informed to email nick, but haven't gotten a reply back from him yet. Hell, I don't even know if I had the right email.

    It is just really annoying.....

    Can anyone help?

    =-=-=-=-=-=-=-=-=-=-=-=-=-= May 22 02:15:08 =-=-=-=-=-=-=-=-=-=-=-=-=-=
    psad: portscan detected against (

    Newly scanned UDP ports: [48426-48450] (since: May 22 02:15:08)
    Newly Blocked UDP packets: [2] (since: May 22 02:15:08)
    Complete TCP/UDP port range: [32812-59960] (since: May 8 00:29:37)
    Total blocked packets: 32
    Start time: May 21 14:24:57
    End time: May 22 02:15:08
    Danger level: 1 out of 5
    DNS info: -&

    ---- Whois Information: ----
    Network Operations Center Inc. (NETBLK-HOSTNOC) HOSTNOC -
    BurstNET Technologies, Inc. (NETBLK-BURSTNET726) BURSTNET726 -

    To single out one record, look it up with &!xxx&, where xxx is the
    handle, shown in parenthesis following the name, which comes first.

    The ARIN Registration Services Host contains ONLY Internet
    Network Information: Networks, ASN's, and related POC's.
    Please use the whois server at for DOMAIN related
    Information and for NIPRNET Information.

    =-=-=-=-=-=-=-=-=-=-=-=-=-= May 22 02:15:08 =-=-=-=-=-=-=-=-=-=-=-=-=-=
  2. jeffg

    jeffg Registered

    Oct 26, 2003
    This is psad port scan active detection; your danger level email notification is set to 1, you may want to increase it.

    $DANGER_LEVELS{'1'} = 5;
    $DANGER_LEVELS{'2'} = 50;           # <------
    $DANGER_LEVELS{'3'} = 1000;
    $DANGER_LEVELS{'4'} = 5000;
    my $EMAIL_ALERT_DANGER_LEVEL = 2;   # <- 50 from same source

    Seeing the ports that are being scanned, it is likely someone (or a virus/worm) looking for Windows machines to exploit. Scans "might" be before an attempted crack, but by themselves they won't do you any harm.
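
Added example (not part of the thread and not psad's own code): a small Python check that reads the fields of an alert like the one in the first post and shows whether it would still be mailed under the thresholds quoted in the reply. It assumes each threshold is a packet count from one source and that reaching the threshold (>=) is enough; the function names are hypothetical.

```python
import re

# Thresholds as posted in the reply: packets from one source per danger level.
DANGER_LEVELS = {1: 5, 2: 50, 3: 1000, 4: 5000}
EMAIL_ALERT_DANGER_LEVEL = 2

# Lines taken from the alert quoted in the first post.
SAMPLE_ALERT = """\
    Newly scanned UDP ports: [48426-48450] (since: May 22 02:15:08)
    Newly Blocked UDP packets: [2] (since: May 22 02:15:08)
    Total blocked packets: 32
    Danger level: 1 out of 5
"""

def parse_alert(text):
    """Extract the fields that drive the alerting decision from an alert body."""
    fields = {}
    m = re.search(r"^\s*Total blocked packets:\s*(\d+)", text, re.M)
    if m:
        fields["total_packets"] = int(m.group(1))
    m = re.search(r"^\s*Danger level:\s*(\d+) out of \d+", text, re.M)
    if m:
        fields["reported_level"] = int(m.group(1))
    m = re.search(r"^\s*Newly scanned (TCP|UDP) ports:\s*\[(\d+)-(\d+)\]", text, re.M)
    if m:
        fields["proto"] = m.group(1)
        fields["ports"] = (int(m.group(2)), int(m.group(3)))
    return fields

def danger_level(packets, levels=DANGER_LEVELS):
    """Highest level whose threshold the packet count has reached, 0 if none.
    Assumption: the comparison is >= (reaching the threshold counts)."""
    return max((lvl for lvl, need in levels.items() if packets >= need), default=0)

def would_email(text, alert_level=EMAIL_ALERT_DANGER_LEVEL):
    """Return (computed danger level, whether an email alert would be sent)."""
    fields = parse_alert(text)
    if "total_packets" not in fields:
        raise ValueError("no 'Total blocked packets' line in alert")
    level = danger_level(fields["total_packets"])
    return level, level >= alert_level

if __name__ == "__main__":
    level, mailed = would_email(SAMPLE_ALERT)
    print(f"danger level {level}, email sent: {mailed}")
```

With the alert level at 2, the 32-packet scan from the first post stays at danger level 1 and is logged without generating mail.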
