9090_scan_external

Explanation

This NDM is designed to detect scanning for servers listening on port 9090 that is hitting the customer’s network from the Internet. Port 9090 is used for several purposes, including Linux server administration as well as management of several Ivanti products.

What to Look For

Scanning activity on the Internet is quite commonplace. In general, servers listening on port 9090 should not be exposed to the open Internet.

Related MITRE ATT&CK Categories

Reconnaissance: Active Scanning, Technique T1595 - Enterprise