Cisco Support Community

New Member

Port Scan Prevention

We have a problem containing port scans originating from our dial-up pool clients... Can someone advise us on what measures to take? We plan to block the whole IP block but don't know which ports to block so as not to affect the service.

2 REPLIES
Silver

Re: Port Scan Prevention

There is no good method - any decent port scanner has a variety of options to tweak the source port as well as its randomness for port scanning. Could you insert an IDS into the mix? Maybe it would be able to correlate the behaviour, and you could craft an auto shut down solution to kill their IP's connectivity.

Are you an ISP, or are you providing a limited subset of functionality?
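
Added example (not part of the thread, and not code from any Cisco product): a minimal sketch of the behaviour correlation an IDS could perform, flagging a source that contacts many distinct destination/port pairs within a time window. The record format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed correlation window
PORT_THRESHOLD = 20   # assumed limit of distinct (dst, port) targets per window

def build_sample_log():
    """Constructed records in the form 'epoch_seconds src_ip dst_ip dst_port'."""
    lines = []
    # 10.1.1.50 touches 30 different ports on one host within 30 seconds.
    for i in range(30):
        lines.append(f"{1000 + i} 10.1.1.50 192.0.2.10 {20 + i}")
    # 10.1.1.77 keeps reconnecting to the same three services (normal use).
    for i in range(30):
        lines.append(f"{1000 + i * 2} 10.1.1.77 192.0.2.80 {(80, 443, 53)[i % 3]}")
    return sorted(lines, key=lambda rec: int(rec.split()[0]))

def detect_scanners(lines, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {src_ip: time of first alert} for sources over the threshold."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, (dst, port))
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed records
        ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
        events = recent[src]
        events.append((ts, (dst, port)))
        # Drop events that have fallen out of the sliding window.
        while events and events[0][0] <= ts - window:
            events.popleft()
        distinct_targets = {target for _, target in events}
        if len(distinct_targets) >= threshold and src not in alerts:
            alerts[src] = ts      # hand off to whatever disconnects the client
    return alerts

if __name__ == "__main__":
    for src, ts in detect_scanners(build_sample_log()).items():
        print(f"possible port scan from {src} at t={ts}")
```

The window and threshold need tuning against normal traffic from the pool before any automatic disconnect is tied to the alert.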

Gold

Re: Port Scan Prevention

Hi,

You could also apply the command - icmp deny any outside. This will make your inside network invisible to the outside scanners. Go to http://www.grc.com and run 'shields up' before applying the above command and see if there are any open ports, and then apply the above command and run 'shields up' and check the results.

Hope this helps a little.

Jay
