• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: June 27th, 2023

help-circle


  • A benign scan could just be looking for an ftp server to connect to or a repeater or relay server of some sort. There are plenty of open services people make available for free and the fact that you would consider it an attack it doesn’t make it one.

    At minimum you could be alerted to look for someone attempting to connect to your ftp server with a single basic anonymous authentication vs someone flooding that port with known malicious software attacks, and block the latter across your entire network and effectively ignore the former. Really it seems like you’re advertising your lack of imagination in this context than a legitimate lack of possible uses for spoofing open ports.




  • At a guess, you might tell the difference between some benign scan and an attempt to actually take advantage of the port, perhaps to use as a trigger to automatically ban an ip address? or a way to divert malicious resources to an easy looking target so they are less available in other areas?

    The difference between someone scanning for open ports and someone attacking a port they find open seems significant enough to at least track and watch for patterns… Whether that’s useful for the majority of users or not is rarely why a feature is implemented.