topic Re: Port Scan and SMB in Spark Firewall (SMB)

Port Scan and SMB

G_W_Albrecht — Tue, 14 Aug 2018 12:18:18 GMT

For the GAiA gateways, sk110873 How to configure Security Gateway to detect and prevent port scan gives a detailed configuration guide for R7x and R80.x. But for SMB units, in IPS protections we only find the protection Masscan Port Scanner - but no description how it works. I would assume that the IPS is able to collect statistics, but is that done with locally managed SMB devices ? And what about SMBs managed by R7x / R80.x, can you configure an automatic SAM rule to close the port scanning connections also on SMB gateways ?

Re: Port Scan and SMB

Pedro_Espindola — Tue, 14 Aug 2018 13:29:18 GMT

Günther, on locally managed SMB appliances, I believe that is all you have.

For centrally managed, they have the same protections, such as Host Port Scan, Zmap, Masscan, etc.

They do not support SAM rules, and using "Block source" automatic reactions in SmartEvent will have no effect.

Re: Port Scan and SMB

G_W_Albrecht — Fri, 07 Sep 2018 12:16:46 GMT

Yes, it is just like that - as the fw sam command does not work on SMBs and only SAM Events created by CP SAM GWs will work (no 3rd party events), this is all we have (and we even do know no details)...