How to block any IP that port scans me?

Discussion in 'other anti-malware software' started by AlexC, Oct 31, 2011.

Thread Status:
Not open for further replies.
  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    In another thread (my bold):

    Is there anything similar to PSAD that works in Windows?
    Thanks
     
  2. x942

    x942 Guest

    The easiest way in windows would be to use SNORT IDS. There are some rules for NMAP port scans. By default it will only notify you but you can have snort run scripts. I use to have it dump the ip's into windows firewall and have that block them.

    Down side to snort is it doesn't use encrypted signatures so any AV you have will pick up false positives.
     
  3. ColPeters

    ColPeters Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    5
    Location:
    Far East Oz
    Any decent firewall (or NAT if you have a DSL router) will drop unsolicited incoming connection attempts (which is what port scanning is) by default. This is what you get when your ports are "stealth" as in steve gibsons test pages.

    So in effect all port scans are blocked anyway, end of your paranoia ;)
     
  4. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Thanks, i´ll try SNORT IDS:thumb:
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    True, and for that matter, just the built-in Windows Firewall will do, since AlexC is already using that.
     
Loading...
Thread Status:
Not open for further replies.