Port Scan Alerts - Outgoing..not incoming
Most port scan questions are related to having other networks/devices targeting your network. My question is related to an alert I received from my Firewalla stating one of my personal laptops (macbook) was port scanning an IP in Singapore (Im in US). The alert didn't provide much other details besides IPs, Domain, etc. I didn't recognize the IP or domain. My concern is if there may be a bot/c&c/malware on my device that is being used to scan someone else's network.
Any ideas?
-
Port scan detection is done by looking at multiple connections out, and if they happen in a burst, then it is detected as a port scan. With any type of detection, there are false positives, so the best way to look at this is turn on antivirus on your pc/mac and see if it detects anything locally first. If not, next step just block the scanning IP and see which application may have issues.
(some applications does do port scan legit fashion, you don't want to break them)
Please sign in to leave a comment.
Comments
1 comment