We were contacted by our ISP saying that one of our servers was issuing an attack on another computer.
May 23 14:11:35 wdc lfd[14308]: *Port Scan* detected from ***.***.***.***
(US/United States/-). 11 hits in the last 245 seconds - *Blocked in csf* for
3600 secs [PS_LIMIT]
I don't know what it means, but our server is a factory image, with only a couple programs running.
I would like to know the domain, but don't know how to look it up.