⇤ Compromised Systems Findings
The Unsolicited Communications risk vector indicates a host is trying to contact a service on another host. It might be attempting to communicate with a server that is not providing or advertising any useful services, the attempt may be unexpected, or the service is unsupported. This also accounts for hosts that might be scanning darknets.
Finding Details
The details include the data in Findings, Compromised Systems details, and also the following information:
Field | Description |
---|---|
Destination Port | The port identified as the destination of traffic coming from a compromised device. |
Number of Scans | The number of times the device attempted to communicate with a server that was not soliciting communication or hosting any useful services during a 24-hour period. Occasionally, this type of communication will occur if a user accidentally enters an incorrect address. In these cases, the number of scans is very low, typically one or two. The higher the number of scans, the more likely it is that the device is maliciously scanning the Internet to find devices with open ports that can be compromised. |
Protocol | The network protocol used in the communication attempt. |
- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
- April 6, 2021: Forensics integrated into findings.
Feedback
0 comments
Please sign in to leave a comment.