Blocking port scans

Started by HenrysCat, February 22, 2021, 08:20:16 PM

I have enabled the ruleset 'emerging-scan.rules' in intrusion detection. I get a few blocked, as in the screenshot (I assume they are blocked scans), but when I scan my IP address with https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap# the open ports show up.

Any ideas what I'm doing wrong?

OPNsense 23.1.2-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

February 23, 2021, 02:17:58 PM #1 Last Edit: February 23, 2021, 02:19:54 PM by Voodoo
Suricata only blocks script enumerations if it sees an nmap/zmap user agent.

It won't block syn scans. Relying on security through obscurity doesn't help anyway.
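
The distinction made in the reply above, as an added example that is not part of the original thread and is not Suricata or OPNsense code: a user-agent signature fires only for a scanner that sends an HTTP request, while a bare SYN scan carries no payload and only becomes visible when distinct destination ports are counted per source. The event records, the 5-port threshold and the function names are constructed for illustration.

```python
from collections import defaultdict

# Default user agent sent by Nmap Scripting Engine HTTP scripts.
NSE_UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"

# Constructed events (documentation address ranges), not captured traffic.
# "syn" = a TCP SYN seen on the WAN side; "http" = a parsed HTTP request.
EVENTS = (
    # Script enumeration: completes a handshake, then sends a request with nmap's UA.
    [{"src": "203.0.113.5", "kind": "syn", "dport": 80},
     {"src": "203.0.113.5", "kind": "http", "dport": 80, "user_agent": NSE_UA}]
    # SYN scan: one SYN per port, never any payload for a signature to match.
    + [{"src": "198.51.100.7", "kind": "syn", "dport": p}
       for p in (21, 22, 23, 25, 80, 443, 3389, 8080)]
    # Ordinary browser visit to a published web server.
    + [{"src": "192.0.2.10", "kind": "syn", "dport": 80},
       {"src": "192.0.2.10", "kind": "http", "dport": 80, "user_agent": BROWSER_UA}]
)

# Simplified stand-in for the content matches a user-agent rule performs (assumption).
SCANNER_UA_TOKENS = ("nmap", "zmap")


def ua_signature_hits(events):
    """Sources whose HTTP user agent contains a scanner token (payload signature)."""
    return {e["src"] for e in events
            if e["kind"] == "http"
            and any(tok in e["user_agent"].lower() for tok in SCANNER_UA_TOKENS)}


def syn_fanout_hits(events, min_ports=5):
    """Sources that sent SYNs to at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for e in events:
        if e["kind"] == "syn":
            ports[e["src"]].add(e["dport"])
    return {src for src, seen in ports.items() if len(seen) >= min_ports}


if __name__ == "__main__":
    print("user-agent signature:", sorted(ua_signature_hits(EVENTS)))
    print("SYN fan-out >= 5 ports:", sorted(syn_fanout_hits(EVENTS)))
```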

Thank you