This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JunedRafeek_kit
Contributor
‎2018-12-11 10:10 PM

How can we block Nmap and other Port scanners

How can I block Nmap scan from Outside? . 

VAPT report submitted by external vendors used nmap to scan our network and checkpoint gave pretty much all the information which can used further for attacks. How can we block such request on checkpoint?

Sample :: 

Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-11 17:51  Standard Time
Nmap scan report for 94.X.X.X 
Host is up (0.0086s latency).
Not shown: 95 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Check Point NGX Firewall-1
443/tcp open ssl/http Connectra Check Point Web Security httpd
444/tcp filtered snpp
Aggressive OS guesses: Linux 2.6.18 (94%), Linux

5 Replies
Martin_Raska
Advisor
Advisor
‎2018-12-11 11:32 PM

How to configure Security Gateway to detect and prevent port scan - sk110873

In SmartEvent you have default events predefined which are not activated by default.

0 Kudos
Danny
Champion Champion
Champion
‎2018-12-11 11:41 PM

https://community.checkpoint.com/message/33652-howto-react-on-check-point-information-disclosure

ED
Advisor
‎2018-12-12 12:30 AM

Hi,

Have you checked your IPS protections and made sure that the protection "Nmap Scripting Engine Scanner over HTTP request" is set to prevent? 

JunedRafeek_kit
Contributor
‎2018-12-12 09:44 PM
In response to ED

Yeah that is active but Nmap request still get through.

0 Kudos
ED
Advisor
‎2018-12-13 12:40 AM
In response to JunedRafeek_kit

Have you tried to follow the sk suggested by Martin? Nmap as portscanner has been along for ages (tons of options to avoid being detected) and as long as you have services open for "anyone" it will show on port scanners. If you have services exposed for anyone on the Internet then you should not be so worried being port scanned. As long as you have the latest updates and patches for the servers behind these ports (also IPS protections set to prevent for these services), there is not so much more you can do. Portscans happens all the time and are not magical hacking fairy dust. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events