We have a problem containing port scans originating from our dial-up pool clients... Can someone advise us on what measures to take? We plan to block the whole IP block but don't know which ports to block so as not to affect the service.
There is no good method - any decent port scanner has a variety of options to tweak the source port as well as its randomness for port scanning. Could you insert an IDS into the mix? Maybe it would be able to correlate the behaviour, and you could craft an auto shut-down solution to kill their IP's connectivity.
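One way to do the correlation this reply suggests, as an added example that is not from the original thread: a small Python script that reads constructed firewall deny log lines and flags any dial-up source that touches many distinct destination host/port pairs within a short window. The log format, the 60-second window and the threshold of 10 are assumptions, not values from any product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall deny lines (format is an assumption, loosely modelled on
# PIX/ASA-style syslog). 10.1.2.3 probes twelve ports on one host; 10.1.2.9 is normal traffic.
SAMPLE_LOG = [
    f"Mar 01 10:00:{i:02d} fw Deny tcp src dialup:10.1.2.3/{40000 + i} dst outside:192.0.2.10/{p}"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443])
] + [
    "Mar 01 10:00:05 fw Deny tcp src dialup:10.1.2.9/51000 dst outside:192.0.2.20/25",
    "Mar 01 10:05:00 fw Deny tcp src dialup:10.1.2.9/51001 dst outside:192.0.2.20/80",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ Deny tcp "
    r"src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse(line):
    """Return (timestamp, src, dst, dport) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
    return ts, m["src"], m["dst"], int(m["dport"])


def find_scanners(lines, window_seconds=60, threshold=10):
    """Flag sources that hit >= threshold distinct (dst, port) pairs inside one window.

    Returns {src: most distinct targets seen in any window} for flagged sources only.
    """
    by_src = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_src[rec[1]].append((rec[0], rec[2], rec[3]))
    flagged = {}
    window = timedelta(seconds=window_seconds)
    for src, events in by_src.items():
        events.sort()                      # oldest first so the window can slide forward
        recent, peak = deque(), 0
        for ts, dst, dport in events:
            recent.append((ts, dst, dport))
            while ts - recent[0][0] > window:   # drop events that fell out of the window
                recent.popleft()
            peak = max(peak, len({(d, p) for _, d, p in recent}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged
```

The output of find_scanners is what an automated shut-down step would consume; the threshold should be tuned against real traffic from the pool before any action is automated.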
Are you an ISP, or are you providing a limited subset of functionality?
You could also apply the command 'icmp deny any outside'; this will make your inside network invisible to outside scanners. Go to http://www.grc.com and run 'Shields Up' before applying the above command to see if there are any open ports, then apply the command, run 'Shields Up' again and check the results.