we have a dedicated server from Hetzner, we are using it to provie nat vps to users, the problem we are facing is that users (which we don't know how to trace) is attempting netscan due to which our dedicated server is getting its ipv4 access to internet locked. Can anybody tell what can we try to prevent netscans? here is example of issue in screenshots of emails we received: Abuse Mail
Asked
Active
Viewed 267 times
0
-
2First your users need to be instructed what is and is not acceptable use and that you (will) monitor them. Then you'll need to actually block (if you can) whatever traffic is not allowed and monitor the traffic that your users generate (that you can't/won't block) to be able to identify abusers. Then warn and block the abusers (or block them first) – HBruijn Aug 01 '22 at 16:19
-
1The high-level actions described by HBrujin is all that can be answered in a Q&A site like this. To properly implement them, you need to hire a professional that will implement these if you don't have good knowledge on these concepts. – Tero Kilkanen Aug 01 '22 at 19:41
-
you might want to [read this](https://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/) article that might support but maybe not solve the problem. psad is a nice tool to identify the root evil user. but remember that it is possible that the adress could be faked – djdomi Aug 01 '22 at 19:59