Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IPS Logs NMap Scans

Posted on 2016-07-14
1
Medium Priority
?
127 Views
Last Modified: 2016-07-18
Hi Everyone,

Where do I got to see if some one has scanned my system - I was watching an Nmap tutorial on pentesting for my own site and the chap mentioned checking your IPS logs to see who'd scanned the system. Any thoughts?

J
0
Comment
Question by:Ridgejp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 2000 total points
ID: 41711799
With a proper IDS in place (Snort or BRO for example) you could pick up on these scans. (mind you, don't install these systems on your web server, they should be on a separate box).

If nothing like an IDS is available, the only way you could see if your server is being scanned is to check logs, but it's not really going to show you if nmap specifically was being used. You'll just see connection attempts without requesting a web page for example.

If you would happen to find an ip-address trying different services on your system it could indicate a port-scan for example.

If you're looking into securing your web app you could look into ModSecurity, which is a great open-source tool to secure your web app. (not affiliated)
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question