View Single Post
  #4   (View Single Post)  
Old 13th March 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,288

Any device exposed to the Internet will be scanned. Welcome to 1992.

You cannot stop scanning from happening. You can only stop your IDS from seeing the scans or screaming about them.

In my case, as I noted above, due to block return rules, TCP scans to "closed" ports will receive an RST packet. I'm nice, that way. Mostly, because I want remote applications to be able to act on a connection failure immediately, and not undergo timeout handling, which I consider rude.

I'm not worried about the script kiddies, because eveni if I dropped blocked packets the kiddies will still find the services which are exposed. There is no "stealth" mode on the Internet, regardless what you may have read == all ports for all IP addresses are scanned constantly. This is the world we live in.

All we can do is try to ensure that all exposed services are as secure as we can make them. And that is an application specific subject.
Reply With Quote