IPS Logs NMap Scans

Hi Everyone,

Where do I got to see if some one has scanned my system - I was watching an Nmap tutorial on pentesting for my own site and the chap mentioned checking your IPS logs to see who'd scanned the system. Any thoughts?

J
RidgejpManaging DirectorAsked:
Who is Participating?
 
Zephyr ICTConnect With a Mentor Cloud ArchitectCommented:
With a proper IDS in place (Snort or BRO for example) you could pick up on these scans. (mind you, don't install these systems on your web server, they should be on a separate box).

If nothing like an IDS is available, the only way you could see if your server is being scanned is to check logs, but it's not really going to show you if nmap specifically was being used. You'll just see connection attempts without requesting a web page for example.

If you would happen to find an ip-address trying different services on your system it could indicate a port-scan for example.

If you're looking into securing your web app you could look into ModSecurity, which is a great open-source tool to secure your web app. (not affiliated)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.