13th March 2014
sparky
How to block Port Scans?

Hi,

I'm trying to figure out how to block port scans from the net on my OpenBSD router.

Currently the closest I've come is a site:

http://harrykar.blogspot.co.uk/2010/...lteringpf.html

which shows this as an example:

Code:
block in quick proto tcp all flags SF/SFRA
block in quick proto tcp all flags SFUP/SFRAU
block in quick proto tcp all flags FPU/SFRAUP
block in quick proto tcp all flags /SFRA
block in quick proto tcp all flags F/SFRA
block in quick proto tcp all flags U/SFRAU
block in quick proto tcp all flags P

I have added these to my pf.conf and tested; however, the second and last lines are not taken by PF, which throws up an error.

Also, using an Android-based app, "Fing", to do a TCP port scan, I am still able to detect "open ports", though I've got Snort up and running, which basically is giving me all kinds of ICMP sweeps and tcp/udp scan types.


I'm probably attacking this the wrong way, so really the question is: is there a way to do this, or what would be an example of a way to do this?

{EDIT} outside of the obvious; closing ports! If one has web services like http or smtp running it really isn't an option :-)

Many thanks.
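An added example, not part of the original post and not pf's own code: a small Python model of the `flags <a>/<b>` test as pf.conf(5) documents it (the packet's flags, masked by `<b>`, must equal `<a>`), run over the seven flag specs quoted above. The probe labels, sample flag sets and function names are assumptions made for illustration.

```python
# Added example: models the documented "flags <a>/<b>" match; not pf source code.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# The seven flag specs from the rules quoted in the post, in order.
POSTED = ["SF/SFRA", "SFUP/SFRAU", "FPU/SFRAUP", "/SFRA", "F/SFRA", "U/SFRAU", "P"]

# Constructed sample probes: label -> TCP flags set on the packet.
PROBES = {"plain SYN": "S", "NULL": "", "FIN": "F", "Xmas": "FPU", "SYN+FIN": "SF"}

def to_bits(letters):
    bits = 0
    for ch in letters:
        bits |= FLAG_BITS[ch]  # KeyError on an unknown flag letter
    return bits

def parse_spec(spec):
    """Return (set_bits, mask_bits), or raise ValueError for an unusable spec."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"{spec!r}: missing /<mask>")
    set_bits, mask_bits = to_bits(want), to_bits(mask)
    if set_bits & ~mask_bits:
        # A flag must be set, yet the mask hides it: the test can never be true.
        raise ValueError(f"{spec!r}: required flag is outside the mask")
    return set_bits, mask_bits

def split_specs(specs=POSTED):
    """Partition specs into (usable, rejected) lists."""
    usable, rejected = [], []
    for spec in specs:
        try:
            parse_spec(spec)
            usable.append(spec)
        except ValueError:
            rejected.append(spec)
    return usable, rejected

def blocked_by(packet_flags, specs=POSTED):
    """Usable specs whose masked comparison matches this packet's flags."""
    pkt = to_bits(packet_flags)
    hits = []
    for spec in split_specs(specs)[0]:
        set_bits, mask_bits = parse_spec(spec)
        if (pkt & mask_bits) == set_bits:
            hits.append(spec)
    return hits

if __name__ == "__main__":
    print("rejected:", split_specs()[1])
    for label, flags in PROBES.items():
        print(f"{label:10} -> {blocked_by(flags) or 'no rule matches'}")
```

In this model the plain SYN probe matches none of the specs: the rules target unusual flag combinations, and a SYN to a port that is deliberately open looks the same as the start of a legitimate connection.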