OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • Blocking port scans
« previous next »
  • Print
Pages: [1]

Author Topic: Blocking port scans  (Read 2667 times)

HenrysCat

  • Jr. Member
  • **
  • Posts: 58
  • Karma: 2
    • View Profile
Blocking port scans
« on: February 22, 2021, 08:20:16 pm »
I have enabled the ruleset 'emerging-scan.rules' in intrusion detection, I get a few blocked as screenshot (I assume they are blocked scans) but when I scan my ip address with https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap# the open ports show up.

Any ideas what I'm doing wrong?

Logged
OPNsense 23.1.2-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

Voodoo

  • Newbie
  • *
  • Posts: 49
  • Karma: 4
    • View Profile
Re: Blocking port scans
« Reply #1 on: February 23, 2021, 02:17:58 pm »
Suricata only blocks script enumerations if it sees nmap/zmap user agent.

It won't block syn scans. Relying on security through obscurity doesn't help anyway.
« Last Edit: February 23, 2021, 02:19:54 pm by Voodoo »
Logged

HenrysCat

  • Jr. Member
  • **
  • Posts: 58
  • Karma: 2
    • View Profile
Re: Blocking port scans
« Reply #2 on: February 23, 2021, 07:51:34 pm »
Thank you
Logged
OPNsense 23.1.2-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • Blocking port scans
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2