Topic: Blocking port scans (Read 7574 times)
RChadwick (Newbie, Posts: 2, Karma: 0)
Blocking port scans « on: June 15, 2020, 07:31:44 pm »
While I don't run OPNsense, I used to run pfSense many years ago. I switched to Sophos UTM, mainly for security features like port scan blocking. However, it seems Sophos UTM is dead, and annoying bugs are driving me nuts (like getting an email for EVERY port in a port scan attack. Hundreds of emails from Sophos is like a DoS attack in itself). Can OPNsense detect a Port Scan, and then block the IP address of the scanner? I heard this was possible with Snort and pfSense, but I'd like to stay away from pfSense for stability reasons.
Thanks!

jclendineng (Full Member, Posts: 144, Karma: 6)
Re: Blocking port scans « Reply #1 on: June 16, 2020, 12:43:39 pm »
pfSense does indeed support port scan blocking, as does OPNsense. The plugin you want for either firewall is called "suricata", and in the rulesets there is a category for scans that will detect port scans and block.

RChadwick (Newbie, Posts: 2, Karma: 0)
Re: Blocking port scans « Reply #2 on: June 16, 2020, 04:06:21 pm »
Thanks!
One quick question about OPNsense. The reason I left pfSense is that, while pfSense was rock solid, a few needed plugins were not, and would crash the entire router. I heard OPNsense doesn't have third-party plugins. Is that true? If so, is that why?

jclendineng (Full Member, Posts: 144, Karma: 6)
Re: Blocking port scans « Reply #3 on: June 23, 2020, 09:32:51 pm »
What plugins? I had a few on pfSense and it was solid. Only reason I switched to OPNsense was a more aggressive dev timeline. Last pfSense release had terrible performance issues and would randomly hang due to a bug that was put in a future patch. OPNsense has plugins, yes. It's the same base as pfSense (BSD) and as such can use ports.

Ypsilon (Newbie, Posts: 16, Karma: 9)
Re: Blocking port scans « Reply #4 on: July 13, 2020, 03:36:14 pm »
This is my first post on this forum, so hi all, and glad to be using OPNsense.
I was in the same boat as you @RChadwick, also running UTM, but meanwhile switched to OPNsense.
So if I remain satisfied as I am now, I will consider a donation.
Portscan was a separate feature in UTM indeed, but also had some issues:
- Limiting the number of alert messages didn't work well, spamming my mailbox
- The rules for portscans and threats were not clear in the GUI, and from the CLI they were hard to find.
In OPNsense you have much more control over intrusion detection.
So I have enabled the scan rules, and portscans are being blocked.
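
An added illustration of the behaviour discussed in this thread, not code from any poster and not how Suricata's scan rules are implemented: a sliding-window detector that flags a source once it touches many distinct ports and records it a single time, so one scan produces one block decision instead of one alert per port. The log format, thresholds, function names and addresses are constructed assumptions.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed log lines in a made-up format: '<seconds> <src_ip> <dst_port>'."""
    events = [(100 + i * 0.1, "198.51.100.7", 20 + i) for i in range(25)]  # fast sweep of 25 ports
    events += [(100 + i, "203.0.113.20", 443) for i in range(30)]          # busy client, one port
    events += [(100 + i * 12, "192.0.2.9", p)                              # few ports, far apart
               for i, p in enumerate((53, 80, 123, 443, 993))]
    return [f"{ts:.1f} {src} {port}" for ts, src, port in sorted(events)]


def detect_scanners(lines, port_threshold=10, window=5.0):
    """Return {src_ip: time the threshold was crossed}, one entry per source.

    A source is flagged when it has hit `port_threshold` distinct destination
    ports within `window` seconds. Lines must be in time order.
    """
    recent = defaultdict(deque)   # src -> (timestamp, port) pairs still inside the window
    blocked = {}
    for line in lines:
        try:
            ts_s, src, port_s = line.split()
            ts, port = float(ts_s), int(port_s)
        except ValueError:
            continue              # skip malformed lines instead of aborting
        if src in blocked:
            continue              # already blocked: no further alerts for this source
        seen = recent[src]
        seen.append((ts, port))
        while ts - seen[0][0] > window:
            seen.popleft()        # drop hits that fell out of the window
        if len({p for _, p in seen}) >= port_threshold:
            blocked[src] = ts
            del recent[src]       # state for a blocked source is no longer needed
    return blocked


if __name__ == "__main__":
    for src, ts in detect_scanners(build_sample()).items():
        print(f"block {src} (threshold crossed at t={ts:.1f})")
```

Counting distinct ports rather than packets is what keeps the busy single-port client out of the result, and the window is what keeps the slow multi-port client out.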