Koozali.org: home of the SME Server

denying port Scans

jabbasi

denying port Scans
« on: June 25, 2004, 04:44:39 AM »
I have installed SME 6.0, by private option, which is not replying to ICMP packets.
But I ran a port scan on it, and it gave me the list of all ports open for service on my SME.

I would appreciate it if anyone could let me know a way of blocking this, so that people who scan for open ports do not get any response.
I know it can be done in iptables, but I have never been able to work out how to put customised rules into iptables.

Thanks in advance

iFX

denying port Scans
« Reply #1 on: June 26, 2004, 05:52:12 AM »
Yeah, I was wondering the same thing... anyone know?

I'm thinking of installing an extra box with Smoothwall - to replace the SME firewall and changing it to server only mode - as I'm having all sorts of problems at the moment in SME6.01-01custom but can't work out whether it's the way I set it up, my ISP or SME... so I guess if I change back to the older version (that was working before I got hacked) and add an extra firewall to it, at least I can then find out whether it's the new setup causing the problems I'm having... Think I should try that?

Bugi

Richest Franchise in Sport
« Reply #2 on: July 02, 2004, 02:30:43 PM »
Topics containing links to people's sites are unneeded and contribute nothing as a whole, much like topics containing content like this one. You could have PMed a moderator and asked this same question and received the same http://www.utilities.h12.ru/ response. Please do so in the future.

mbachmann

denying port Scans
« Reply #3 on: July 06, 2004, 08:48:08 AM »
If you offer services to the internet (via ports), the port is replying. Port scanning is like knocking on doors. You cannot forbid it. But you can close the port. You can mask the port, you can create port forwardings, redirections, mappings, drop certain packets coming in, whatever. More on discarding icmp for instance here:

http://forums.contribs.org/index.php?topic=23083.0