OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: HenrysCat on February 22, 2021, 08:20:16 pm
-
I have enabled the ruleset 'emerging-scan.rules' in intrusion detection, I get a few blocked as screenshot (I assume they are blocked scans) but when I scan my ip address with https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap# the open ports show up.
Any ideas what I'm doing wrong?
(https://i.imgrpost.com/imgr/2021/02/22/opnsense-blocked.md.png) (https://imgrpost.com/image/DtBSj)
-
Suricata only blocks script enumerations if it sees nmap/zmap user agent.
It won't block syn scans. Relying on security through obscurity doesn't help anyway.
-
Thank you