This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SubZer0
Contributor
‎2024-01-23 03:41 AM

Blocking port scanners

On my FW I will like to block port scanners. I've attempted the solution outlined in sk110873, but Nmap is still able to extract information about open ports. Do you have any suggestions on effectively blocking port scanners to ensure they cannot gather any information?

I am using R81.10 – gateway and R81.20 for MGMT.

0 Kudos
2 Replies
Lesley
Mentor Mentor
Mentor
‎2024-01-23 01:21 PM

This would be a good next step:

https://support.checkpoint.com/results/sk/sk112241

Btw you will never truely block port scans. They can be tweaked that they stay under the 'radar'. 

So you could scan a subnet, but also one host. You can scan small port range, but also big. You can scan 10 ports a second or more.

There are so many factor that you can change that a firewall is not able to know if this is a port scan yes or no. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2024-01-23 01:32 PM

Thats actually really GOOD question. But, in my mind, and this is just me personally, I cant really see logically how that can be achieved, because you would need to know src/port numbers used in order to do it effectively. 

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top