TCP reset alert
Hello LES fellow's,
I am getting TCP reset alert from one of my VDS which is currently idle and running Ubuntu 22.04LTS hosted by advinservers.com ( @advin ).
I'm not concerned but I get this same alert few times before also. Just curious 
to know what that mean is it a port scan or what.
I am not running anything as yet used few times before as a middleman relay 
vps just for some large zip extraction and file transfers using rclone from Russian & European region to my other servers. Afterward reinstall upgrade the OS and leave it Idle.
Alert Info
Node: 12-eu-adv
Chart ID: ipv4.tcphandshake
Type: System
Component: Network
Class: Errors
Check every: 10 seconds
10s_ipv4_tcp_resets_sent
Triggered 6/2/23 15:02:55 0.0322 tcp resets/s
Alert Description- average number of sent TCP RESETS over the last 10 seconds. This can indicate a port scan, or that a service running on this host has crashed.
Comments
Yes, this can mean port scan or what. At that rate (0.03/s) there is not much to concern, probably a random scan.
You can add some iptables rule to some services you do not run to log attempted accesses to it, and correlate with the alerts, so you can be sure of what it is and from where it is coming.
like:
iptables -I INPUT -p tcp --dport 23 -m state --state NEW -m limit --limit 1/m -j LOG --log-prefix "TELNET:"yea thanks!! did the same.