Blocking Netscan/port scans?

Started by cguilford, July 12, 2018, 04:38:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 12, 2018, 04:38:03 PM
I'm curious if there is a way to auto block port scanning?  Some kind of stealth mode maybe?  What I'm seeing in my logs is a bunch of deny's which is great, but seems I'm often being hit on port 23 (denied).. which is of course telnet, and I don't have it open same for rdp ports and many others that are always being hit by the same ip over and over.  I'm assuming it's a botnet trying to find a way in or someone trying to brute-force.  I see there is intrusion detection which I turned on then the next day turned off because it seemed to cut my internet speed from 400mb to like 40mb?  Maybe that's a configuration issue?  Any help is greatly appreciated.
July 12, 2018, 09:23:34 PM #1
There is no way to stop another system from scanning your ports, your best defense is a firewall.  :)


I use various blocklists and geo blocking to keep them at bay. When I see an ip address that tries to attack through my few open ports, it gets added to my plonker list and that's the end of that.
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
Print
Go Up Pages1
User actions