ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
    • DDoSX®
    • Web Application Firewall
    • Threat Monitoring and Threat Response
      • General Information and FAQs
      • How does it work?
      • System Requirements
      • Getting Started
      • Installing on a UKFast hosted server
      • Installing on a non-UKFast hosted server
      • PCI DSS Compliance
      • Alerts and rulesets
      • Attack Ruleset
      • High Level Alerts Explained
      • Alert Remediation Tips
      • Common Attacks
      • Databases
      • Exploits
      • File Monitoring (FIM)
      • Malware
      • Service Specific Alerts
      • System
      • Windows
      • Scans and Reconnaissance
    • McAfee Antivirus
    • Vulnerability Scans
    • ANS MDR
    • Keeping Magento secure
    • Keeping WordPress secure
    • Brute Force Attacks
    • CryptoLocker
    • Dirty COW
    • The Logjam attack
    • Meltdown and Spectre
    • Memcached security concerns and reflection/amplification DDoS attacks
    • Wana Decryptor / Wana Decrypt0r 2.0 / WannaCry
    • Log4J Vulnerability
    • Polkit Security Vulnerability CVE-2021-4034
    • CVE-2022-0847 - Dirty Pipe Vulnerability
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Security >
  • Threat Monitoring and Threat Response >
  • Scans and Reconnaissance

Scans and Reconnaissance¶

Before attacking, many targeted attacks and bots will perform a network scan on your server. This scan may check if common ports are open, what services are listening on those ports and the version of those services. With this information, an attacker or bot may be able to tailor their attacking strategy to that specific software version.

For example, if you were running a vulnerable version of Exim on a common mail port, then the attacker could launch an RCE attack (CVE-2019-15846) against your server.

Threat Monitoring can detect when a network scan or version gathering scan may be in progress, and take the needed actions to block the scan.

  • Network scan from same source IP.

Next Article > Network scan from same source IP.

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ