- Apr 25, 2015
MikroTik: https://wiki.mikrotik.com/wiki/Drop_port_scanners - https://monovm.com/blog/how-to-block-port-scanner-in-mikrotik/
PSAD: https://www.cipherdyne.org/LinuxFirewalls/ch05/ - https://n0where.net/port-scan-attack-detector-psad - https://manpages.ubuntu.com/manpages/precise/man8/psad.8.html - https://hackertarget.com/psad-port-scan-detection-in-ubuntu-linux/
Snort: https://www.hackingarticles.in/detect-nmap-scan-using-snort/ "Hence you can block this IP to protect your network from further scanning." - https://resources.infosecinstitute.com/snort-network-recon-techniques - https://stackoverflow.com/a/52421369 - SNORT IS GOOD SHIT MAN ;]
pfSense: https://www.agix.com.au/automatically-block-intruders-with-pfsense/ - https://turbofuture.com/internet/Ho...ck-List-and-Country-Block-Package-for-pfSense - http://infosecdc.blogspot.com/2019/03/blocking-port-scans-on-pfsense.html - importantly, note that Suricata or Snort can perform this a little better.
Suricata: https://medium.com/@almog009/how-to-detect-hackers-port-scanning-in-less-than-50-bucks-40ff71a86aea
Security Onion: https://www.futurelearn.com/courses/network-security-basics/0/steps/46401 - https://www.giac.org/paper/gsec/379...ber-threat-intelligence-based-approach/149584 ("At this step, Security Onion once again alerts to the port scan and provides useful information to security analysts that may have to respond to the breach"){same: https://www.sans.org/reading-room/whitepapers/networksecurity/paper/38740 } - very thorough example of forwarding all traffic https://medium.com/@samuelabiodun/h...m-on-aws-using-open-source-tools-8b755e965d54
Zeek (formerly known as "Bro"): https://blog.rapid7.com/2017/06/24/how-to-install-and-configure-bro-on-ubuntu-linux/
Other helpful reading/watching:
These are a bunch of IDS-related tools to keep your system(s) safe from attackers, especially starting with the initial discovery of ports on your machines. Port scanning is usually a first step an attacker will take to find what services you have running, to then attack.