
Re: How to avoid port scanners



That doesn't seem possible to me. NMAP uses, at least for its
SYN/connect()-type scans, the same sequence of packets that your mail
software would have to use, so if you block one sequence of packets, they
are going to be blocked regardless of the place they are coming from.

To achieve a similar result, try:
(1) if you are going to be sending mail from a limited set of IP
addresses, try filtering all traffic to that port, except your
"semi-trusted" hosts. This isn't perfect, but will avoid casual scans.

(2) better yet, set up a VPN between your trusted hosts and your mail
server and you don't need to have a port open for the public internet.

On Thu, 17 Jan 2002, Eduardo Gonçalves wrote:

> Hi all,
>
> I have a ipchains rule like this:
> # ipchains -A input -s 0/0 -p tcp -y -j REJECT
>
> so I can block all the SYN packets used by port scanners and avoid them...
> but now I run an SMTP server (postfix), and my box must accept SYN packets to
> port 25.
>
> I don't want anybody to know (using a scanner) which port is open.
>
> My question:
> How can I block port scanners (like nmap) and run my server without
> problems?
>
>
> thanks a lot
> []'s
> Eduardo
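Suggestion (1) written out as an ipchains rule set, added here as an example that is not part of this thread. The trusted host list is constructed; the rules are printed rather than applied so the ordering can be checked first, and the catch-all uses DENY instead of the poster's REJECT because DENY drops silently while REJECT answers with an ICMP error that still tells a scanner something is there.

```shell
#!/bin/sh
# Added example (not from the thread): let only a set of "semi-trusted"
# hosts open TCP connections to port 25, and drop every other incoming SYN.
# ipchains is first-match-wins, so the per-host ACCEPT rules must come
# before the catch-all; appending the blanket rule first would shadow them.
TRUSTED_HOSTS="192.0.2.10 192.0.2.11 198.51.100.0/24"   # constructed list

# Print the rule set, one ipchains command per line, without running it.
# Once reviewed it can be applied with:  gen_rules | sh
gen_rules() {
    # Start from an empty input chain so stale rules cannot reorder us.
    echo "ipchains -F input"
    # -y matches packets with SYN set and ACK/FIN clear, i.e. new connections.
    # Accept those to port 25 only from the trusted sources.
    for h in $TRUSTED_HOSTS; do
        echo "ipchains -A input -s $h -p tcp -d 0/0 25 -y -j ACCEPT"
    done
    # Every other new connection attempt, to any port, is dropped silently.
    # Non-SYN packets (established sessions, replies) are not matched here.
    echo "ipchains -A input -s 0/0 -p tcp -y -j DENY"
}

# Stand-alone run: show the rules that would be installed.
gen_rules
```

From an untrusted address port 25 now looks no different from any other port, which is the poster's goal, while the listed hosts can still deliver mail.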
