Answer the question
In order to leave comments, you need to log in
How to prevent network users behind a router from scanning ports?
Please tell me, is there a router on Debian, can I disable it somehow through a firewall or other means so that users do not scan white ip ports?
Answer the question
In order to leave comments, you need to log in
No.
You can protect a specific car from probing:iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP
iptables -L -v -n
There is another article on Habré.
In general, no. You can, of course, block SYN segments when signs of a scan are detected (a linearly increasing destination port number, for example), but the user can start scanning ports in a random or pseudo-random order. You can block SYN segments completely, but then TCP will not work.
Also, it's a bit unclear what you want to achieve. What difference does it make to you whether a user scans someone or not? If he is engaged in illegal activity, this is the business of the internal affairs bodies. If the problem is in the "letters of happiness" ("you are scanning us, stop") - in most cases these are letters automatically generated by various IDS, there is little sense in them. As a last resort, you can block the most active "offenders".
In my view, if someone does not like being scanned, it is much easier for him technically to protect his server himself. Although I consider this one of the manifestations of the "security through obscurity" approach. If you (or the ISP) start trying to filter such traffic, it will either be inefficient or have negative side effects.
You can, and it is highly recommended , filter traffic to prevent spoofing, i.e. spoofing source addresses, it's much easier and much more useful.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question