ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

frequent port scanning

https://mail.forum.configserver.com/viewtopic.php?t=11982

Page 1 of 1

frequent port scanning

Posted: 28 Oct 2020, 19:59
by leonep
i am wandering if there is the possibility to block port scans hiding ports (may be block all countries?)
it is performed by icmp protocol ?
thanks

Time: Wed Oct 28 20:49:53 2020 +0100
IP: xxxxxxxxxxx (KR/South Korea/-)
Hits: 11
Blocked: Temporary Block for 3600 seconds [PS_LIMIT]

Sample of block hits:
Oct 28 20:48:10 xxxkernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=xxxxxxxxxxxxxxxxxxxxxxxxxx SRC=xxxxxx DST=xxxxxxxx LEN=60 TOS=0x00 PREC=0x00 TTL=37 ID=42802 DF PROTO=TCP SPT=37074 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0

Re: frequent port scanning

Posted: 05 Nov 2020, 10:09
by Linuxlover
Hello,
No a server needs a public ip people can obtain it and thus scan your server.I understand your issue is annoying but blocking whole countries will have it's impact on server performance.You could play a little with the csf settings that control portscanning but caution be careful you don't cause a dos on your own server
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited