I received an email from a client containing IDS logs. I was wondering whether the following log shows any real indication that the server is in danger. If there are specific things I can do to diagnose the situation, I am open to any suggestions.
###Log Start##
02/28/2011 08:58:42.352 - Alert - Intrusion Prevention - Possible port scan
detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 8897, OPT - TCP scanned
port list, 8869, 8867, 8863, 8898, 8899
02/28/2011 09:08:01.144 - Alert - Intrusion Prevention - Possible port scan
detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 12470, OPT - TCP scanned
port list, 12403, 12454, 12462, 12466, 12472
02/28/2011 09:09:20.080 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 14037, OPT - TCP
scanned port list, 13972, 13970, 14023, 13979, 13983
02/28/2011 09:10:58.496 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 15749, OPT - TCP
scanned port list, 15755, 15715, 15697, 15717, 15751
02/28/2011 09:14:24.112 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 19277, OPT - TCP
scanned port list, 19239, 19266, 19269, 19273, 19275
02/28/2011 09:15:50.592 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 21033, OPT - TCP
scanned port list, 21071, 20965, 21111, 20955, 21090
02/28/2011 09:26:15.016 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 37244, OPT - TCP
scanned port list, 37260, 37278, 37235, 37238, 37247
02/28/2011 09:28:53.592 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 40411, OPT - TCP
scanned port list, 40468, 40453, 40454, 40455, 40465
02/28/2011 09:29:19.128 - Alert - Intrusion Prevention - Possible port scan
detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 41163, OPT - TCP scanned
port list, 41217, 41216, 41178, 41137, 41138
02/28/2011 09:40:38.240 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 55567, OPT - TCP
scanned port list, 55555, 55553, 55582, 55589, 55561
###Log End##
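
A small parser for the log format above, as an added example that is not part of the original post: it re-joins the wrapped records and reports which port the first endpoint uses in every alert and how far the listed ports sit from the second endpoint's port. Treating the first address/port pair as the source and the second as the destination is an assumption about this format; the sample input is two records copied from the log above.

```python
import re
from collections import Counter

# Two records copied verbatim from the log above, including the e-mail line wraps.
SAMPLE = """\
02/28/2011 08:58:42.352 - Alert - Intrusion Prevention - Possible port scan
detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 8897, OPT - TCP scanned
port list, 8869, 8867, 8863, 8898, 8899
02/28/2011 09:09:20.080 - Alert - Intrusion Prevention - Probable TCP FIN
scan detected - x.x.x.x.x, 443, OPT - x.x.x.x.x, 14037, OPT - TCP
scanned port list, 13972, 13970, 14023, 13979, 13983
"""

STAMP = re.compile(r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3} - ")
# Assumption: the first address/port pair is the source, the second the destination.
RECORD = re.compile(
    r"(?P<ts>\S+ \S+) - \w+ - [^-]+? - (?P<alert>.+?) detected"
    r" - [^,\s]+, (?P<sport>\d+), \w+ - [^,\s]+, (?P<dport>\d+), \w+"
    r" - \w+ scanned port list, (?P<ports>[\d, ]+)$")

def join_records(text):
    """Re-join records wrapped over several lines; skip ###Log markers."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("###"):
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records

def parse(record):
    m = RECORD.match(record)
    if m is None:
        raise ValueError(f"unrecognised record: {record!r}")
    dport = int(m["dport"])
    ports = [int(p) for p in m["ports"].split(",")]
    return {"ts": m["ts"], "alert": m["alert"], "src_port": int(m["sport"]),
            "dst_port": dport, "ports": ports,
            "max_offset": max(abs(p - dport) for p in ports)}

def summarize(text):
    alerts = [parse(r) for r in join_records(text)]
    return {"count": len(alerts),
            "alert_types": dict(Counter(a["alert"] for a in alerts)),
            "src_ports": sorted({a["src_port"] for a in alerts}),
            "widest_offset": max(a["max_offset"] for a in alerts)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```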