network attack

[Tolete]

Hi Team I have in the Kaspersky Report the alert of “ Scan.Generic.PortScan.UDP    192.168.1.221:7    worm”  and I would like to know if it’s real attack or if is it an error or false positive ?

Kaspersky Version for server is 10.1.2.996

Thanks

 

[Vimaro]

Dear user,

Thanks for your post. From admin perspective, you should take a look of timestamp for that event and check internally with other colleagues if someone used a Port Scan application like NMAP, WireShark or any other. 

Check the field “Attacking computer IP”. If there is an internal address, this could be an FP.