Discussion in 'other anti-malware software' started by AlexC, Oct 31, 2011.
In another thread (my bold):
Is there anything similar to PSAD that works in Windows?
The easiest way in windows would be to use SNORT IDS. There are some rules for NMAP port scans. By default it will only notify you but you can have snort run scripts. I use to have it dump the ip's into windows firewall and have that block them.
Down side to snort is it doesn't use encrypted signatures so any AV you have will pick up false positives.
Any decent firewall (or NAT if you have a DSL router) will drop unsolicited incoming connection attempts (which is what port scanning is) by default. This is what you get when your ports are "stealth" as in steve gibsons test pages.
So in effect all port scans are blocked anyway, end of your paranoia
Thanks, i´ll try SNORT IDS
True, and for that matter, just the built-in Windows Firewall will do, since AlexC is already using that.
Separate names with a comma.