Score:0

How to prevent Netscan? I am using a software on VPS


The following message is what my hosting sent me.

How to avoid it?

Should I turn off some ports?

I have a piece of software; once I open it, it creates such a netscan. But I have to use it. Any solution?

If you have any input, please help

netscan

What's the software, and why does it do a port scan? If there's a legitimate reason, explain it to your host.
Does this answer your question? [How can i find what generates a NetScan Abuse and how to prevent it?](https://serverfault.com/questions/1034078/how-can-i-find-what-generates-a-netscan-abuse-and-how-to-prevent-it)
djdomi
Hetzner scans their own subnets for open proxies. That's normal; you did not have to hide the URL from Hetzner.
Tilman Schmidt
Port 1080 is the default port for SOCKS. Does your software have any configuration options for using a SOCKS proxy?
Tilman Schmidt
I would also question the well-foundedness of your hoster's notification. The log shows a total of two (2) connection attempts, both to the same destination port and with different but related destination addresses. That can hardly be considered a netscan. Note that the first four lines are just retries of the same connection, as witnessed by the constant source port.
stackmike
@TilmanSchmidt You are correct! Our software uses proxies, and the proxies have this format: 207.229.xx.xx:1031. Our proxies are US IPs. But the hosting is saying that we are abusing a number of other IPs, which I checked are African IPs.
stackmike
@ceejayoz I am not sure why the software is doing a port scan. I asked the software developer, and he denied that his software scans ports. Since my friend, who also uses the software with the same hosting (on his own VPS), is not having this issue, I accept his comment. I guess it's my own configuration issue, or there is a Trojan in my VPS.
stackmike
@ceejayoz Thanks for the link you referred me to. That person's problem and confusion are exactly the same as mine. One of the IT geniuses suggested that the OP do this: `iptables -I OUTPUT -o enp4s0 -d 172.16.0.0/12 -j REJECT`. For my case, my VPS is scanning 160.116.xx.xx 1080 and 163.198.xx.xx 1080. Do I run the iptables command in CMD of my VPS? As I notice all ports are 1080, how do I block port 1080?
stackmike
@TilmanSchmidt I just checked the dashboard of my proxy providers. They are HTTP proxies; they are not SOCKS proxies. Could I assume it is not caused by the use of proxies in the software?
stackmike
Is it possible to reject all TCP traffic?
Tilman Schmidt
Difficult to say without knowing anything about the software and operating system you're using in your VPS.
stackmike
@TilmanSchmidt Thanks for the reply. I have blocked port 1080, plus for ports 80 and 443, I am blocking public access. The software is running again (on Windows 10). My hosting has not contacted me so far. I hope it is not because they are on Easter holiday.
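
Added example, not part of the original thread: the check Tilman Schmidt describes above (treat lines that share a source port and destination as retries of one connection, then count distinct destinations) written as a small Python script. The log layout, the sample lines and the `scan_threshold` value are constructed assumptions, not the hoster's actual format or policy.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed "time proto src sport => dst dport" layout;
# addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
2021-04-02 10:15:01 TCP 192.0.2.10 50123 => 198.51.100.7 1080
2021-04-02 10:15:02 TCP 192.0.2.10 50123 => 198.51.100.7 1080
2021-04-02 10:15:04 TCP 192.0.2.10 50123 => 198.51.100.7 1080
2021-04-02 10:15:08 TCP 192.0.2.10 50123 => 198.51.100.7 1080
2021-04-02 10:15:09 TCP 192.0.2.10 50124 => 198.51.100.8 1080
2021-04-02 10:15:10 TCP 192.0.2.10 50124 => 198.51.100.8 1080
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\d+)"
    r"\s+=>\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s*$"
)

def summarize(log_text, scan_threshold=20):
    """Collapse retransmissions and report how many distinct targets were contacted."""
    attempts = defaultdict(int)  # 5-tuple -> packets seen (first try + retries)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += bool(line.strip())  # count non-empty lines we could not parse
            continue
        key = (m["proto"].upper(), m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        attempts[key] += 1
    targets = {(k[3], k[4]) for k in attempts}  # distinct (host, port) pairs
    return {
        "packets": sum(attempts.values()),
        "connection_attempts": len(attempts),
        "retries": sum(n - 1 for n in attempts.values()),
        "distinct_hosts": len({host for host, _ in targets}),
        "distinct_ports": sorted({port for _, port in targets}),
        "unparsed_lines": skipped,
        # scan_threshold is an assumed cut-off for illustration only
        "looks_like_scan": len(targets) >= scan_threshold,
    }

if __name__ == "__main__":
    for field, value in summarize(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

A summary like this (few connection attempts, one destination port, many retries) is useful evidence to attach when replying to an abuse notification.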