
Block Ports enumeration


moelharrak:
Hi
Is there any method to stop responding to a port scan, if someone tries to check if the port is open, without using IDS/IPS?
Thank you

KOM:
This is already the default behaviour.  pfSense WAN blocks unsolicited incoming traffic instead of rejecting it.

Are you having an issue or seeing something strange?

moelharrak:
Thank you for your reply.
I have some ports open (NAT to an internal server). By doing a scan using nmap I can see all the information (web version, SSH version, ...). I know that in some firewalls, even if the port is open, you get an answer by doing telnet on the port or a scan using tools like nmap.

Derelict:
So you open ports but don't want people to connect to them. Got it.

Your only hope is probably IDS/IPS.

johnpoz:
Lock your ports open to only the IPs you want to use these forwards if you're worried about someone finding them open ;)

Or use, say, something like pfBlocker to block all the "bad" country IPs that you don't want to be able to scan your ports.
