Our network was repeatedly bombarded by a port scanner targeting a specific ports. Interestingly, our server seems to provide different responses depending on its current state and the specific request it receives. Although nothing major happened, we believe there was a hidden intention behind the attacks.
- Hint : We discovered that the actor was attempting to determine whether our service was open, closed, or blocked by the firewall.
- File log.tar.xz