Score:0

Server

How to prevent Netscan? I am using a software on VPS

stackmike

8/15/23, 3:08 PM

The following message is what my hosting sent me.

How to avoid it?

Should I turn off some ports?

I have a software, once I open it, it creates such netscan. But I have to use it, any solution?

If you have any input, please help

0 + 0

networking

ceejayoz

8/15/23, 3:12 PM

What's the software, and why does it do a port scan? If there's a legitimate reason, explain it to your host.

ceejayoz

8/15/23, 3:13 PM

Does this answer your question? [How can i find what generates a NetScan Abuse and how to prevent it?](https://serverfault.com/questions/1034078/how-can-i-find-what-generates-a-netscan-abuse-and-how-to-prevent-it)

djdomi

8/15/23, 5:15 PM

hetzner scan there own subnets for open proxy. thats normal you had not to hide the url from hetzner

Tilman Schmidt

8/15/23, 6:19 PM

Port 1080 is the default port for SOCKS. Does your software have any configuration options for using a SOCKS proxy?

Tilman Schmidt

8/15/23, 6:25 PM

I would also question the wellfoundedness of your hoster's notification. The log shows a total of two (2) connection attempts, both to same destination port and with different but related destination addresses. That can hardly be considered a netscan. Note that the first four lines are just retries of the same connection, as witnessed by the constant source port.

stackmike

8/16/23, 3:29 AM

@TilmanSchmidt You are correct! Our software use proxies, and the proxies have these format: 207.229.xx.xx:1031 Our proxies are US IPs. But the hosting is saying that we are abusing a number of other IPs, which I checked are African IPs.

stackmike

8/16/23, 3:31 AM

@ceejayoz I am not sure why the software is doing port scan. I asked the software developer, he denied his software will scan ports. Since my friend who also use the software with the same hosting (on his own VPS) is not having this issue. I accept his comment. I guess it's my own configuration issue, or there is a Trojan in my VPS.

stackmike

8/16/23, 3:39 AM

@ceejayoz Thanks for the link you referred me to. That person's problem and confusion is exactly the same as mine. One of the IT genius suggested that OP to do this: iptables -I OUTPUT -o enp4s0 -d 172.16.0.0/12 -j REJECT For my case, my VPS is scanning 160.116.xx.xx 1080 and 163.198.xx.xx 1080. Do I run the iptable command in CMD of my VPS? As I notice all port are 1080, how to block 1080 port?

stackmike

8/16/23, 3:45 AM

@TilmanSchmidt I just checked the dashboard of my proxy providers. They are http proxies, they are not socks proxies. Could I assume it is not caused by the use of proxies in the software?

stackmike

8/16/23, 4:09 AM

Is it possible to reject all TCP traffic?

Tilman Schmidt

8/16/23, 2:12 PM

Difficult to say without knowing anything about the software and operating system you're using in your VPS.

stackmike

8/18/23, 4:05 AM

@TilmanSchmidt Thanks for the reply. I have blocked 1080 port, plus for 80 and 443 port, I am blocking the public access. The software is running again (on Windows 10). My hosting is not contacting me so far. I hope it is not because they are on Easter holiday.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to prevent Netscan? I am using a software on VPS

TH: How to prevent Netscan? I am using a software on VPS

RO: How to prevent Netscan? I am using a software on VPS

RU: How to prevent Netscan? I am using a software on VPS

VI: How to prevent Netscan? I am using a software on VPS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.