NetscanOutLevel: Netscan detected from <ip>

Issue:

An email is received as below:

Dear Sir or Madam,

We have indications that there was an attack from your server.
Please take all necessary measures to avoid this in the future and to solve the issue.

We also request that you send a short response to us. This response should contain information about how this could have happened and what you intend to do about it.
In the event that the following steps are not completed successfully, your server can be blocked at any time after the 2023-07-03 12:29:16 +0200.

Solution:

1. Install ufw firewall on the server. sudo apt install ufw -y

2. Enable below ports on the server:

   Copy

   sudo ufw allow 22
   sudo ufw allow 443
   sudo ufw allow 80
   sudo ufw allow 7071
   sudo ufw allow 7072
   sudo ufw allow 7073
   sudo ufw allow 53
   sudo ufw allow out to any port 7071
   sudo ufw allow out to any port 7072
   sudo ufw allow out to any port 7073
   sudo ufw allow out to any port 7171
   sudo ufw allow out to any port 5051
   sudo ufw allow out to any port 5052
   sudo ufw allow out to any port 5061
   sudo ufw allow out to any port 5062
   sudo ufw allow out to any port 3031
   sudo ufw allow out to any port 443
   sudo ufw allow out to any port 80
   sudo ufw allow out to any port 53

3. Deny below private ip's range blocks:

   Copy

   sudo ufw default deny outgoing

4. Enable the firewall now.

   Copy

   sudo ufw enable
   sudo ufw status 

For more info this blog can be followed.