Library items tagged: scanning

Investigating SSH port scans

Anonymous
Monday, February 13, 2012 - 20:09
CSIRT
SSH port scans
advice
incident response
scanning
security
This page provides a brief overview on how to deal with reported SSH scans originating from your own systems. It does not cover SSH scanning targeted at your systems and originating elsewhere.
Read more

Reporting port or address range scanning

Anonymous
Monday, February 13, 2012 - 19:46
CSIRT
address range scanning
incident response
port scanning
scanning
security
What is scanning? See also Port and address scanning. Address range scanning The most common abuse is from a worm (or virus, bot etc) trying to infect other computers by exploiting a single vulnerability on the same port at a great number of addresses. Port scanning You may be reporting packets or connections to a large number of UDP or TCP ports at just one address (or a very small number of addresses).
Read more