OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: HenrysCat on February 22, 2021, 08:20:16 pm

Title: Blocking port scans
Post by: HenrysCat on February 22, 2021, 08:20:16 pm
I have enabled the ruleset 'emerging-scan.rules' in intrusion detection. I get a few blocked, as in the screenshot (I assume they are blocked scans), but when I scan my IP address with https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap# the open ports show up.

Any ideas what I'm doing wrong?

(https://i.imgrpost.com/imgr/2021/02/22/opnsense-blocked.md.png) (https://imgrpost.com/image/DtBSj)
Title: Re: Blocking port scans
Post by: Voodoo on February 23, 2021, 02:17:58 pm
Suricata only blocks script enumerations if it sees an nmap/zmap user agent.

It won't block syn scans. Relying on security through obscurity doesn't help anyway.
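
Added example, not part of the original thread: a small Python sketch of the gap described in the reply above, run over constructed packet records. The record layout, the `UA_MARKERS` list and both function names are assumptions made for illustration; they are not Suricata's internals or actual rules from emerging-scan.rules.

```python
from collections import defaultdict

# Constructed sample traffic (not captured data). Each record is one packet as
# a sensor might summarise it: source, destination port, TCP flags, payload.
PACKETS = [
    # Script enumeration: a full HTTP request carrying a scanner user agent.
    {"src": "198.51.100.7", "dport": 80, "flags": "PA",
     "payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                b"User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine)\r\n\r\n"},
] + [
    # SYN scan: bare SYN segments, one per port, with no payload at all.
    {"src": "203.0.113.9", "dport": port, "flags": "S", "payload": b""}
    for port in (21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080)
]

# Assumed stand-in for a user-agent signature, not a rule from the ruleset.
UA_MARKERS = (b"nmap", b"zmap")


def user_agent_alerts(packets):
    """Return sources whose HTTP User-Agent header contains a scanner marker."""
    hits = set()
    for pkt in packets:
        for line in pkt["payload"].split(b"\r\n"):
            name, _, value = line.partition(b":")
            if name.strip().lower() != b"user-agent":
                continue
            if any(marker in value.lower() for marker in UA_MARKERS):
                hits.add(pkt["src"])
    return hits


def syn_only_ports(packets):
    """Map each source to the distinct ports it sent payload-free SYNs to."""
    ports = defaultdict(set)
    for pkt in packets:
        if pkt["flags"] == "S" and not pkt["payload"]:
            ports[pkt["src"]].add(pkt["dport"])
    return dict(ports)


if __name__ == "__main__":
    print("user-agent alerts:", sorted(user_agent_alerts(PACKETS)))
    for src, ports in syn_only_ports(PACKETS).items():
        print(f"{src}: {len(ports)} ports probed with bare SYNs, nothing to match")
```

The user-agent check fires only for the source that sent an HTTP request; the source that probed ten ports with bare SYNs never produces a payload for such a check to inspect.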
Title: Re: Blocking port scans
Post by: HenrysCat on February 23, 2021, 07:51:34 pm
Thank you