Well. You *could* in theory, I guess, implement something that firewalled a specific host totally once you discovered that it was in the process of portscanning. This is not that straightforward, though, and not foolproof, but you might prevent some portscanning attacks from discovering your services, and failing that due to race conditions (i.e. port 25 already having been tried before your system blocked the IP address), maybe it would be blocked before it started hammering exploits against it.

I have never tried something like this, though.

- Vegard

On Thu, Jan 17, 2002 at 10:00:04AM -0500, Adam William Lydick wrote:
> That doesn't seem possible to me. NMAP uses, at least for its
> SYN/connect() type scans, the same sequence of packets that your mail
> software would have to use, so if you block one sequence of packets, they
> are going to be blocked regardless of the place they are coming from.
>
> To achieve a similar result, try:
> (1) if you are going to be sending mail from a limited set of IP
> addresses, try filtering all traffic to that port, except your
> "semi-trusted" hosts. This isn't perfect, but will avoid casual scans.
>
> (2) better yet, set up a VPN between your trusted hosts and your mail
> server and you don't need to have a port open for the public internet.
>
> On Thu, 17 Jan 2002, Eduardo Gonçalves wrote:
>
> > Hi all,
> >
> > I have an ipchains rule like this:
> > #ipchains -A input -s 0/0 -p tcp -y -j REJECT
> >
> > so I can block all the SYN packets used by port scanners and avoid them...
> > but now I run an smtp server (postfix), and my box must accept SYN packets to
> > port 25.
> >
> > I don't want anybody to know (using a scanner) which port is open.
> >
> > My question:
> > How can I block port scanners (like nmap) and run my server without
> > problems?
> >
> >
> > thanks a lot
> > []'s
> > Eduardo

-- 
- Vegard Engen, member of the first RFC1149 implementation team.
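As an added example (not code from any poster in this thread), here is a small Python sketch of the host-blocking idea Vegard describes: block a source once it has touched enough distinct ports in a short window, and record which ports it reached before the block fired, which is exactly the race condition he points out for port 25. The event format, addresses, threshold and window are all assumptions made for this example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample events: (timestamp in seconds, source IP, destination port),
# in arrival order. This is not real ipchains log output; the format is assumed.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", 25),    # legitimate peer MTA delivering mail
    (0.1, "203.0.113.7", 21),   # scanner walking ports in order
    (0.2, "203.0.113.7", 22),
    (0.3, "203.0.113.7", 23),
    (0.4, "203.0.113.7", 25),   # the open port is probed before the threshold trips
    (0.5, "203.0.113.7", 80),
    (0.6, "203.0.113.7", 110),  # dropped: source already blocked
    (0.7, "203.0.113.7", 143),
    (5.0, "192.0.2.10", 25),    # the MTA only ever talks to 25, never blocked
]


def detect_scanners(events, threshold: int = 5, window: float = 10.0):
    """Block a source once it has hit `threshold` distinct ports within `window`
    seconds. Returns (blocked, leaked): blocked maps ip -> time the block fired,
    leaked maps ip -> sorted ports that source touched before the block, i.e.
    the services a scanner could still have discovered despite the block."""
    history: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
    blocked: Dict[str, float] = {}
    leaked: Dict[str, List[int]] = {}
    for ts, ip, port in events:
        if ip in blocked:
            continue  # firewalled: later packets from this source are dropped
        hist = history[ip]
        hist.append((ts, port))
        # keep only the entries inside the sliding window
        hist[:] = [(t, p) for t, p in hist if ts - t <= window]
        distinct_ports = {p for _, p in hist}
        if len(distinct_ports) >= threshold:
            blocked[ip] = ts
            leaked[ip] = sorted(distinct_ports)
    return blocked, leaked


if __name__ == "__main__":
    blocked, leaked = detect_scanners(SAMPLE_EVENTS)
    for ip, ts in blocked.items():
        print(f"{ip} blocked at t={ts}s; ports already probed: {leaked[ip]}")
```

A real deployment would feed the blocked addresses to a firewall deny rule; the point of the `leaked` map is that a low threshold still lets the scanner see port 25 if it happens to be probed early.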

