Questions tagged [scan]

104 questions
57 votes, 3 answers

eBay web site tries to connect to wss://localhost:xxxxx - is this legit or they have some Malware JS running?

In helping a corporate user log on to eBay, I noticed that when on the login page, a stream of errors were coming up in the Firefox JS Console about not being able to connect to wss://localhost. This is a bit concerning, obviously. Why would a web…
ETL
16 votes, 5 answers

How can an attacker identify if a website is using PHP? How about the PHP version?

I have a vulnerable test site up that runs PHP. How can an attacker identify that PHP is used? If I type .../add.php the site gives back an error message, although the file is add.php. If I type .../add the site runs. Maybe I can inject code to…
Jan Küfner
16 votes, 4 answers

Can I block viruses from a USB stick by scanning it before opening its folder?

I inserted my USB stick into a friend's PC which was full of viruses, malware and adware. Therefore I suppose they attacked my USB device as well. Now I want to use my USB device on my PC without running the risk of being infected by the viruses…
franz1
11 votes, 2 answers

What's the advantage of sending an RST packet after getting a response in a SYN scan?

I'm reading about nmap's SYN scan, and it says Nmap sends an RST immediately after the server tries to establish the handshake. My question is - why bother with the RST? Is it to prevent the server from trying to reconnect on every checked port,…
Jay
10 votes, 4 answers

Do mail servers follow links in emails as part of a security scan before inbox delivery?

I've implemented a passwordless login using a magic link and email. The link can be used only once. One customer is complaining that once they click the link, the page reports that the link is already used. This is indeed what I implemented, but I'm…
Chris
10 votes, 3 answers

How to use nmap through proxychains?

I am running nmap through proxychains using this command: proxychains nmap -v scanme.nmap.org This produced an error: root@kali:~# proxychains nmap -v scanme.nmap.org ProxyChains-3.1 (http://proxychains.sf.net) Starting Nmap 6.49BETA4 (…
Backdoor Cipher
7 votes, 1 answer

How does one scan a MySQL database for malware?

I have a lot of means of searching for malicious code within the file system, monitoring traffic, scanning log files, checking for suspicious/masked processes etc. However, scanning a relational database such as MySQL is no easy task. Some exploits…
McJohnson
6 votes, 1 answer

Can network admin detect port scan on a certain host?

Say, my laptop is connected to a large WiFi network with many other users. If a port scan is run on my IP by somebody else on the same WiFi network, is it possible for the network admin (or anybody) to find out, or is it only my system that can…
Bob Bob
5 votes, 2 answers

What allows for reinfection of the same PUP after quarantine and removal?

I use an antimalware program - the scan finds a PUP (Potentially Unwanted Program), which is quarantined and removed. It comes back! I am guessing it is stored somehow to resurface after normal shut down and reboot. Where can this be hiding out?…
5 votes, 1 answer

Is there a need to scan images with real-time scanners anymore?

Historically, there were some exploits for certain types of image files, notably JPEG images. Consequently, many real-time malware scanners (antivirus included) started scanning every JPEG image (as well as some other types of image files) every…
4 votes, 1 answer

How to distinguish between "normal internet" Port scan and more "serious" port scan preparing attack?

In a complete network infrastructure, with firewalls, routers, servers supervised by a SIEM, LogPoint here. Of course, there is a private network and public servers. In the LogPoint there is an alert called "port scans" which is triggered whenever…
BR.Hamza
4 votes, 1 answer

Best practices manual for Alienvault USM?

Is there any best practices manual for Alienvault USM? I found some information about the profiles for the vulnerability scanner but nothing about how often I should launch the scan or which categories for a custom profile are dangerous: Deep -…
Blai
4 votes, 1 answer

Thorough computer scan

I'd like to give my computer an overall deep scan against all kinds of malware. I was infected about a year ago and I feel like there may still be some hidden rootkit on my HDD or something like that... I already performed scans with multiple AVs…
user104674
3 votes, 3 answers

Gmail warns about encrypted PDF file

I recently received a PDF file that, when attached to a gmail message, causes a warning to be displayed as follows: Encrypted attachment warning – Be careful with this attachment. This message contains 1 encrypted attachment that can't be scanned…
3 votes, 1 answer

Why are full port scans more susceptible to being logged than half-open port scans?

Many resources I come across state that one major advantage of full-port scans (e.g. SYN scans) is the fact that there is a lower risk of being logged. But why? In my opinion, the sequence of segments exchanged in a SYN-scan (SYN >> SYN/ACK >> RST)…
Max