i am wandering if there is the possibility to block port scans hiding ports (may be block all countries?)
it is performed by icmp protocol ?
thanks
Time: Wed Oct 28 20:49:53 2020 +0100
IP: xxxxxxxxxxx (KR/South Korea/-)
Hits: 11
Blocked: Temporary Block for 3600 seconds [PS_LIMIT]
Sample of block hits:
Oct 28 20:48:10 xxxkernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=xxxxxxxxxxxxxxxxxxxxxxxxxx SRC=xxxxxx DST=xxxxxxxx LEN=60 TOS=0x00 PREC=0x00 TTL=37 ID=42802 DF PROTO=TCP SPT=37074 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0
frequent port scanning
-
Linuxlover
- Junior Member
- Posts: 16
- Joined: 01 Feb 2014, 11:58
Re: frequent port scanning
Hello,
No a server needs a public ip people can obtain it and thus scan your server.I understand your issue is annoying but blocking whole countries will have it's impact on server performance.You could play a little with the csf settings that control portscanning but caution be careful you don't cause a dos on your own server
No a server needs a public ip people can obtain it and thus scan your server.I understand your issue is annoying but blocking whole countries will have it's impact on server performance.You could play a little with the csf settings that control portscanning but caution be careful you don't cause a dos on your own server