Most sensible firewall to port scan

Discussion in 'other firewalls' started by RadarSP, Apr 2, 2007.

Thread Status:
Not open for further replies.
  1. RadarSP

    RadarSP Registered Member

    Joined:
    Feb 6, 2007
    Posts:
    2
    Which is the most sensible firewall to detect port scans, like nmap?
    I'm talking about xmas, null, fin or syn scan, without ping....
    Most firewalls block these scans but don't display alerts.
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Take a look at Look'n'Stop. Not that it says much, but I don't understand half of the blocks it makes in the log :D
     
  3. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I've been told that port scanners are not really a good idea, and can actually make your system vulnerable to attack. That may or may not be true, but the logic in some of the articles I've read makes sense. What I have done is use Kerio firewall with the NIPS function, which uses Snort rules, and keep the NIPS updated with the latest Snort rules. The NIPS (Snort) rules are signature based, and can detect specific port scans (such as XMAS) and behavioral anomalies (various types of spoofing, etc.). Snort is a good IDS, and can be incorporated into the other security features of the firewall. I use the NIPS function along with tight rules created with the packet filter module. I think this makes for a very good and secure setup.
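Added example, not part of the thread and not Kerio's or Snort's own logic: a minimal stateless detector for the scan types named in the first post. Null, FIN and Xmas probes are recognised from the TCP flags of a single segment, while a SYN scan is inferred from one source touching many distinct ports in a short window. The function names, threshold, window and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits as they appear in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Return the stealth-scan type matched by one segment's flags, or None."""
    flags &= 0x3F                      # ignore ECE/CWR bits
    if flags == 0:
        return "null"                  # no flags at all never occurs in normal TCP
    if flags == FIN:
        return "fin"                   # a normal close carries FIN together with ACK
    if flags == FIN | PSH | URG:
        return "xmas"                  # the combination nmap's Xmas scan sends
    return None

def detect_scans(packets, syn_port_threshold=10, window=5.0):
    """packets: time-ordered (timestamp, src_ip, dst_port, flags) tuples.
    Returns one (src_ip, kind) alert per source and scan kind."""
    alerts, seen = [], set()
    syn_history = defaultdict(list)    # src_ip -> [(timestamp, dst_port)]
    for ts, src, port, flags in packets:
        kind = classify_probe(flags)
        if kind is None and flags & 0x3F == SYN:
            hist = syn_history[src]
            hist.append((ts, port))
            while ts - hist[0][0] > window:   # expire SYNs outside the window
                hist.pop(0)
            if len({p for _, p in hist}) >= syn_port_threshold:
                kind = "syn"           # many distinct ports, one source
        if kind and (src, kind) not in seen:
            seen.add((src, kind))
            alerts.append((src, kind))
    return alerts

# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE = (
    [(0.1 * i, "192.0.2.10", 20 + i, SYN) for i in range(12)]   # SYN sweep
    + [(2.0, "192.0.2.20", 80, FIN | PSH | URG),                # Xmas probe
       (2.1, "192.0.2.30", 443, 0),                             # null probe
       (2.2, "192.0.2.40", 22, FIN),                            # FIN probe
       (2.3, "198.51.100.5", 443, SYN),                         # ordinary connect
       (2.4, "198.51.100.5", 443, ACK | PSH)]                   # ordinary data
)

if __name__ == "__main__":
    for src, kind in detect_scans(SAMPLE):
        print(f"ALERT {kind} scan from {src}")
```

A single SYN from a client is normal traffic, which is why only the SYN case needs a per-source port count, and why a firewall that silently drops these packets still has enough information to raise an alert.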
     