临时端口上进行大量端口扫描...为什么？

我最近获得了一个新帐户并接管了他们的空间的管理，包括 SonicWall。

首先，我们更新了固件，因为之前的管理员没有跟上……太好了:)

因此，在重新配置 SonicWall 以使其成为真正的安全设备的浪潮中，我打开了 IDS 和事件警报。

我的邮箱里满是扫描警报。以下是其中一些。

奇怪的是，这些警报似乎有以下特征：通常源自 Web 端口 80 和 443，针对面向公众的 IP，这是我的一个美国客户，客户遍布全球，但我正在查看 IP 地址，并看到从冰岛到中国的信息。

有人能解释一下 IDS 误认为的合法服务吗？最初，IDS 阻断了所有 SIP 流量，直到我排除了异地 PBX，因此如果 IDS 阻断了更多流量而用户没有注意到或报告，我也不会感到惊讶。

04/18/2019 19:25:05 - 82 - Security Services - Alert - 77.247.109.151, 7659, X2 - XXX.178, 19090, X2 - udp - UDP scanned port list, 8080, 9060, 9070, 9080, 17070 - Possible port scan detected

This email was generated by: SonicOS Enhanced 6.5.3.1-48n (18B1-6993-2800)



04/18/2019 17:54:06 - 82 - Security Services - Alert - 198.61.165.71, 443, X2 - XXX.180, 64982, X2 - tcp - TCP scanned port list, 41016, 18069, 26794, 56346, 14356 - Possible port scan detected

This email was generated by: SonicOS Enhanced 6.5.3.1-48n (18B1-6993-2800)



04/18/2019 17:13:58 - 83 - Security Services - Alert - 5.8.18.90, 65532, X2 - XXX.180, 3364, X2 - tcp - TCP scanned port list, 3363, 3362, 3357, 3365, 3358, 3359, 3360, 3355, 3361, 3364 - Probable port scan detected

This email was generated by: SonicOS Enhanced 6.5.3.1-48n (18B1-6993-2800)



04/18/2019 17:13:58 - 82 - Security Services - Alert - 5.8.18.90, 65532, X2 - XXX.180, 3359, X2 - tcp - TCP scanned port list, 3363, 3362, 3357, 3365, 3358 - Possible port scan detected

This email was generated by: SonicOS Enhanced 6.5.3.1-48n (18B1-6993-2800)



04/18/2019 15:55:46 - 82 - Security Services - Alert - 205.180.85.169, 443, X2 - XXX.180, 52468, X2 - tcp - TCP scanned port list, 19366, 65141, 17474, 5725, 57646 - Possible port scan detected

This email was generated by: SonicOS Enhanced 6.5.3.1-48n (18B1-6993-2800)



04/18/2019 14:52:53 - 82 - Security Services - Alert - 151.101.5.140, 443, X2 - XXX.180, 36862, X2 - tcp - TCP scanned port list, 18568, 29110, 40462, 10585, 26896 - Possible port scan detected

This email was generated by: SonicOS Enhanced 6.5.3.1-48n (18B1-6993-2800)