07-17-2007 07:22 AM - edited 03-09-2019 06:24 PM
Hi All,
We are trying to block NMAP port scans on our routers. Is there a way to do this using ACLs? Any other suggestions would be greatly appreciated.
Thanks
Regards
Anantha Subramanian Natarajan
07-17-2007 09:08 AM
This is a question probably better suited for the firewall forum. nmap supports numerous types of port scanning. You might consider using reflexive ACLs:
07-19-2007 07:42 AM
Thank you very much
Regards
Anantha Subramanian Natarajan
07-17-2007 09:50 AM
Hi
You could use ACLs, whether reflexive as the previous poster suggested or just extended, but the problem you have is that, if done properly, an nmap port scan is very difficult to block without denying legitimate traffic.
Obviously firewalls will block ports, but not the ones you open up, and that's the main problem.
IPS/IDS on both the network and the host is the better way to approach this but even they are by no means foolproof.
Jon
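Added example (not part of the original thread or any poster's code): a minimal detection sketch for the point above that scans are easier to detect than to block. It assumes the router's inbound ACL ends in a deny entry with the `log` keyword, so denied packets appear as `%SEC-6-IPACCESSLOGP` syslog lines; the ACL name `INBOUND`, the addresses, the thresholds and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the IOS ACL-deny syslog format (documentation addresses).
def _line(sec, src, dport):
    return (f"Jul 17 09:50:{sec:02d}: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp "
            f"{src}(40000) -> 192.0.2.10({dport}), 1 packet")

SAMPLE_LOG = (
    # One source probing ten different ports in ten seconds.
    [_line(i, "203.0.113.5", p)
     for i, p in enumerate([21, 22, 23, 25, 110, 135, 139, 445, 1433, 3389])]
    # Another source retrying a single closed port: noisy, but not a scan.
    + [_line(s, "198.51.100.7", 25) for s in (5, 20, 35)]
)

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d): %SEC-6-IPACCESSLOGP: list \S+ denied "
    r"(?:tcp|udp) (?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def find_scanners(lines, window_s=60, min_ports=8):
    """Map each flagged source to the largest number of distinct (dst, port)
    targets it was denied on within any window_s-second sliding window."""
    events = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an ACL deny line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events[m["src"]].append((ts, (m["dst"], int(m["dport"]))))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most window_s seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({target for _, target in evs[start:end + 1]}))
        if best >= min_ports:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A threshold like this only sees probes to ports the ACL denies and logs, and a scan paced more slowly than the window stays under it, which is why detection of this kind is not foolproof.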
07-19-2007 07:43 AM
Hi Jon,
Thanks for the suggestion. We have an IDSM module; how do we configure it to detect NMAP?
Thanking You
Regards
Anantha Subramanian Natarajan