Port Scans - how frequent is normal? - Knowledgebase

Portal Home > Knowledgebase > Articles Database > Port Scans - how frequent is normal?

Port Scans - how frequent is normal?

Posted by kangaru, 11-08-2010, 03:43 AM
I installed CSF on my recently setup server. I set security settings to "high" and since installing last night, I have been receiving emails from lfd, reporting port scans about every ten minutes. Only 2 ips have been permanently blocked, most ips that are scanning only try a few times and get temporarily blocked for a few hours. It seems alot of port scanning, but I am not experienced and wanted to ask if it is normal for a server to have its ports scanned every ten minutes?
Posted by sysadm2, 11-08-2010, 04:27 AM
No, this isn't normal. You will ve to verify necessary logs and check to if the attack is happening to any port or any instance specifically. Also, check whether they are valid requests coming to any service, keeping priority to high may even block particular valid requests during high traffic time!
Posted by plumsauce, 11-08-2010, 06:20 AM
On the contrary, port scans are to be expected when sitting on an open network. Even sitting on residential broadband you will see malicious connection attempts every couple of minutes. It's annoying, but if your defences are good, you can safely ignore them. Once you are sure that your setup is correct, you will probably feel comfortable turning of all but the most serious email alerts.