IPS Logs NMap Scans

Ridgejp
Hi Everyone,

Where do I go to see if someone has scanned my system? I was watching an Nmap tutorial on pentesting for my own site, and the chap mentioned checking your IPS logs to see who'd scanned the system. Any thoughts?

J
Cloud Architect
Commented:
With a proper IDS in place (Snort or BRO, for example) you could pick up on these scans. (Mind you, don't install these systems on your web server; they should be on a separate box.)

If nothing like an IDS is available, the only way you could see if your server is being scanned is to check logs, but it's not really going to show you if nmap specifically was being used. You'll just see connection attempts without requesting a web page for example.

If you happen to find an IP address trying different services on your system, it could indicate a port scan, for example.

If you're looking into securing your web app you could look into ModSecurity, which is a great open-source tool to secure your web app. (not affiliated)
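
An added example, not part of the original thread: the log check the answer describes, flagging any source IP that tries many different destination ports within a short window. The log format (simplified netfilter LOG-style lines with ISO timestamps), the sample events, the function name `find_scanners` and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events (timestamp, source IP, destination port); documentation IP ranges.
_EVENTS = [
    ("2024-01-12T10:00:01", "203.0.113.5", 21), ("2024-01-12T10:00:01", "203.0.113.5", 22),
    ("2024-01-12T10:00:02", "203.0.113.5", 23), ("2024-01-12T10:00:02", "203.0.113.5", 25),
    ("2024-01-12T10:00:03", "203.0.113.5", 80), ("2024-01-12T10:00:03", "203.0.113.5", 443),
    # Ordinary client: several connections, one service.
    ("2024-01-12T10:00:05", "198.51.100.7", 443), ("2024-01-12T10:00:09", "198.51.100.7", 443),
    ("2024-01-12T10:01:30", "198.51.100.7", 443),
    # Five ports, but one per hour: stays under a 60-second window.
    ("2024-01-12T11:00:00", "198.51.100.20", 21), ("2024-01-12T12:00:00", "198.51.100.20", 22),
    ("2024-01-12T13:00:00", "198.51.100.20", 23), ("2024-01-12T14:00:00", "198.51.100.20", 25),
    ("2024-01-12T15:00:00", "198.51.100.20", 80),
]
# Rendered as simplified netfilter LOG-style lines (assumed format, not from the thread).
SAMPLE_LOG = "\n".join(
    f"{ts} web1 kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt} SYN"
    for ts, src, dpt in _EVENTS
)
LINE_RE = re.compile(r"^(?P<ts>\S+) .*?\bSRC=(?P<src>\S+) .*?\bDPT=(?P<dpt>\d+)")


def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Map source IP -> sorted ports that tripped the threshold, for sources that
    touched at least min_ports distinct destination ports inside one sliding window."""
    hits_by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # skip lines that are not connection records
            hits_by_src[m["src"]].append((datetime.fromisoformat(m["ts"]), int(m["dpt"])))
    flagged = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop events that fell out of the window
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))                             # default 60-second window
    print(find_scanners(SAMPLE_LOG, window=timedelta(hours=6)))  # wider window
```

The third source in the sample shows the limit of a short window: a scan spread over hours is only flagged once the window is widened, which also raises the chance of flagging ordinary clients.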
