topic Blocking port scanners in General Topics

Blocking port scanners

SubZer0 — Tue, 23 Jan 2024 11:41:46 GMT

On my FW I will like to block port scanners. I've attempted the solution outlined in sk110873, but Nmap is still able to extract information about open ports. Do you have any suggestions on effectively blocking port scanners to ensure they cannot gather any information?

I am using R81.10 – gateway and R81.20 for MGMT.

Re: Blocking port scanners

Lesley — Tue, 23 Jan 2024 21:24:43 GMT

This would be a good next step:

https://support.checkpoint.com/results/sk/sk112241

Btw you will never truely block port scans. They can be tweaked that they stay under the 'radar'.

So you could scan a subnet, but also one host. You can scan small port range, but also big. You can scan 10 ports a second or more.

There are so many factor that you can change that a firewall is not able to know if this is a port scan yes or no.

Re: Blocking port scanners

the_rock — Tue, 23 Jan 2024 21:32:45 GMT

Thats actually really GOOD question. But, in my mind, and this is just me personally, I cant really see logically how that can be achieved, because you would need to know src/port numbers used in order to do it effectively.

Andy