Hi Team,
We have found public IP addresses in Port scan detection (Horizontal Scan for Alt SOCKS (8080/TCP)). I want to know the legitamcy of these IP addresses. I am using Virus Total site to check legitamcy of a website, like that is there any other website which will provide us Security information about the public IPs?
Just run a whois on the IP:
https://whois.domaintools.com/
Is the box being scanned an externally facing one? If so, this is a common occurrence.
If you are getting port scan attack from a public IP, the best thing to do is to report the issue and the IP address of the source of attack to you ISP. Because the IP may or may not necessarily be the actual source of the attack. Your IPS should be able to find the source of the attack and block it (not just for you, but for everyone who uses network services from your ISP).