Cisco Support Community
New Member

how to deny port scan?

Someone uses a method to deny port scans to their internet servers: if the server is port-scanned, the attacker will be blocked from accessing the server, including ping. The attacker is identified by its IP address, so if the attacker changes its IP, it could scan again - but will be blocked again.

Who knows what security mechanism is used? Is it blocked by a router, server or other systems?

4 REPLIES
Cisco Employee

Re: how to deny port scan?

It's probably some sort of IDS system set up to block/shun the source of the port scan. The IDS system will detect the port scan, and can then write an ACL onto an external router to block packets from that source address for a pre-determined period.
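
The detect-then-shun behaviour described in the reply above, as an added example that is not part of the original thread and not code from any IDS product: a source that touches many distinct ports within a short window is blocked for a fixed period, then allowed again. The threshold, window, shun period, the `never_shun` allowlist and the sample events are all assumptions; the `"shun"` result marks the point where a real setup would push the block rule to the router.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch seconds, source IP, destination port).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    [(1000 + i, "198.51.100.7", 20 + i) for i in range(12)]      # one source sweeping ports
    + [(1003, "203.0.113.5", 443), (1004, "203.0.113.5", 443)]   # ordinary client
    + [(1020, "198.51.100.7", 80)]                               # back while still shunned
    + [(1700, "198.51.100.7", 80)]                               # back after the shun expired
)

class ScanShunner:
    """Shun a source that probes many distinct ports within a short window."""

    def __init__(self, port_threshold=10, window=30, shun_seconds=600, never_shun=()):
        self.port_threshold = port_threshold  # distinct ports that count as a scan (assumed value)
        self.window = window                  # seconds of history kept per source (assumed value)
        self.shun_seconds = shun_seconds      # the "pre-determined period" (assumed value)
        self.never_shun = set(never_shun)     # sources that must stay reachable, e.g. own gateway
        self.recent = defaultdict(deque)      # src -> deque of (ts, port)
        self.shunned_until = {}               # src -> expiry timestamp

    def handle(self, ts, src, port):
        """Return 'drop', 'shun' or 'allow' for one connection attempt."""
        expiry = self.shunned_until.get(src)
        if expiry is not None:
            if ts < expiry:
                return "drop"                 # still inside the block period
            del self.shunned_until[src]       # block period is over
        q = self.recent[src]
        q.append((ts, port))
        while q and q[0][0] <= ts - self.window:   # expire attempts older than the window
            q.popleft()
        if src not in self.never_shun and len({p for _, p in q}) >= self.port_threshold:
            self.shunned_until[src] = ts + self.shun_seconds
            q.clear()
            return "shun"                     # point where a block rule would be pushed
        return "allow"

def replay(events, **kwargs):
    """Feed events in time order and return (ts, src, port, action) tuples."""
    shunner = ScanShunner(**kwargs)
    return [(ts, src, port, shunner.handle(ts, src, port)) for ts, src, port in sorted(events)]

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(*row)
```

Because the block is keyed on source address alone, forged source addresses can get an innocent host shunned, which is why the sketch carries an allowlist.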

New Member

Re: how to deny port scan?

Is there another, cheaper method than IDS? Thanks!

Re: how to deny port scan?

This is probably not exactly what you had in mind, but I think it's worth a look for some security-minded concerns. Caution though. As with any tool, in the wrong (or novice) hands it could do more harm than good.

http://www.hackbusters.net/LaBrea/

New Member

Re: how to deny port scan?

Hi,

Stopping a port scan without using a firewall/IDS is difficult. Since your other concern is cost, I suggest that you use the open-source IDS Snort (http://www.snort.org/). It works pretty fine on a small box and hence is pretty inexpensive to install/maintain.

Trust this helps.

Nimitt
