Server Monitoring with the Port Scan Monitor

Description

This monitor checks for open TCP ports on any server that is externally accessible over the internet. A port scan is carried out to determine which publicly accessible TCP ports the server offers. The result is compared with a list of allowed ports and evaluated accordingly.

Unintentionally open TCP ports are generally potential points of attack for penetration tests or DDoS attacks. It is therefore advisable to monitor the open ports continuously so that you are informed immediately of any deviation from the intended open ports.

The aim of this monitor is to detect unauthorized or unwanted open ports, not to check the availability of authorized open ports. For that purpose, use the monitors offered for the specific use cases (web, mail, database).

Parameters

Scan Ports
The specified ports are scanned as part of the monitoring. In addition to individual ports, the list of TCP ports to be scanned can also contain port ranges, e.g. 22,80,143,3300-4000,443

Open Ports
The allowed open ports are used to evaluate the scan result and determine whether the server has unauthorized open ports. The list of allowed TCP ports can only contain individual ports, e.g. 22,80,143,3369,443

Status port scan impossible
The status the check is set to if the port scan is impossible due to timeouts or name resolution problems.
The default value for this parameter is Unknown.
If you choose the status Critical, notifications will be sent accordingly.

Availability Report

OK
The port scan could be performed, and all open ports identified in the scan are included in the list of allowed ports.

Critical
The port scan could be performed and the scan result contains open TCP ports that are not defined as allowed, or no port scan was possible within the timeout.
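
The evaluation described under Parameters and Availability Report can be sketched as follows. This is an added example, not the product's own code: the function names, the `detected_open` input (the set of ports a scan reported as open, or `None` when no scan was possible) and the sample scan results are assumptions made for illustration.

```python
def parse_port_list(spec, allow_ranges=True):
    """Parse a list such as '22,80,3300-4000' into a set of port numbers."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            if not allow_ranges:
                raise ValueError(f"ranges are not allowed here: {item!r}")
            lo, hi = (int(p) for p in item.split("-", 1))
        else:
            lo = hi = int(item)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port or range: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports


def evaluate(scan_ports, open_ports, detected_open, status_if_impossible="Unknown"):
    """Return (status, unexpected_ports) for one scan result.

    detected_open is the set of ports found open, or None if the scan
    could not be carried out (timeout, name resolution failure).
    """
    if detected_open is None:
        return status_if_impossible, []
    scanned = parse_port_list(scan_ports)                      # ranges allowed
    allowed = parse_port_list(open_ports, allow_ranges=False)  # single ports only
    # Only ports inside the scanned set can be judged; anything open
    # there that is not on the allowed list is a deviation.
    unexpected = sorted((set(detected_open) & scanned) - allowed)
    return ("Critical" if unexpected else "OK"), unexpected


if __name__ == "__main__":
    SCAN = "22,80,143,3300-4000,443"   # example values from the page
    ALLOWED = "22,80,143,3369,443"
    # Constructed scan results, for illustration only.
    print(evaluate(SCAN, ALLOWED, {22, 80, 443, 3369}))  # all open ports allowed
    print(evaluate(SCAN, ALLOWED, {22, 80, 443, 3389}))  # 3389 is not allowed
    print(evaluate(SCAN, ALLOWED, None))                 # scan impossible
```

A port that is open but lies outside the Scan Ports list is never seen by the scan, so the scan list needs to cover more than the allowed ports for deviations to be detectable.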