|
||||
How to block Port Scans?
Hi,
I'm trying to figure out how to block port scans from the net on my OpenBSD router. Currently the closest I've come is a site: http://harrykar.blogspot.co.uk/2010/...lteringpf.html which shows this as an example: Code:
block in quick proto tcp all flags SF/SFRA block in quick proto tcp all flags SFUP/SFRAU block in quick proto tcp all flags FPU/SFRAUP block in quick proto tcp all flags /SFRA block in quick proto tcp all flags F/SFRA block in quick proto tcp all flags U/SFRAU block in quick proto tcp all flags P Also using an Android based app "Fing" to do a TCP port scan, I am still able to detect "open ports". Though I've got Snort up and running which basically is giving me all kinds of ICMP sweeps and tcp/udp scan types. I'm probably attacking this the wrong way so really the question is; is there a way to do this - or what would be an example of a way to do this? {EDIT} outside of the obvious; closing ports! If one has web services like http or smtp running it really isn't an option :-) Many thanks. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
pf block command help | newbsdied | OpenBSD Security | 1 | 7th November 2010 12:50 AM |
Block IDM-DAP-P2P | mohammadreza | OpenBSD Security | 5 | 25th February 2010 09:59 AM |
block spam | milo974 | OpenBSD Security | 1 | 26th May 2009 11:30 AM |
Automaticaly block IPs with PF | DNAeon | FreeBSD Installation and Upgrading | 7 | 20th February 2009 02:06 AM |
nmap scans | hamba | FreeBSD Security | 3 | 2nd February 2009 10:16 AM |