is there a way to prevent my comp from being port scanned
boshcash
Oct 28 2003, 10:09 AM
Well, you can't do anything to anyone who is scanning you. The best you can do is to get a program to loop sending data when someone is connected to a specific port, but with that, anyone is able to portbomb you, and you will have more problems. Why don't you just close ports you don't use?
coder
Oct 28 2003, 02:32 PM
If you're not running any services then a port scan isn't going to do much - if anything the attacker will most likely lose interest after seeing no services. No, most firewalls can be set up to defunc scans... Another fun thing is to run some sort of honeypot software that would make it appear that all ports were open/listening - most attackers will also skip these - although it would take long to find the real services behind the glob of honeypot stuff...
Anyway - if you want to leave a service open to the public - the port is/can always be seen by others. But, as posted above, the best way to do it is to close the services that you don't need...
wicked
Nov 1 2003, 01:47 AM
greetz Coder and others.
I personally recommend ZoneAlarm Pro from Zonelabs; set it to High, which is stealth mode. You will disappear like a "Needle in a hay stack!" Also, if you are running WIN2k I also recommend disabling Net Services {more information found elsewhere on this site along with goodies - alwayz gotta have goodies}, which is not necessary on a non-network-based PC. This will discourage potential attackers from using these services to exploit you!..
Hope this has been useful!
Have a nice day
ps: Look for the goodies, you might find what you're looking for!
pps: 2 many pppssss!
Sh4dowWalker
Nov 10 2003, 03:58 PM
Hmmm... I was using ZoneAlarm some time ago and I thought I was 'invisible' like you said, wicked. I even did some firewall testing on the Gibson Research page (something like that) and it showed that I was in stealth mode, but in fact I wasn't. My friend portscanned me and got some results - which he shouldn't have, right?
I've changed my firewall to McAfee. It has a nice feature preventing portscanning and some other forms of attack. It can ban an IP for some time or forever after it classifies that IP's actions as port scanning (or other forms of attack). When I was using ZoneAlarm there was no such feature. Works well but has some disadvantages - sometimes it can classify proxy-checking scans, like on IRC for example, as port scanning.
Hey but this is still better than ZoneAlarm.
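The scan classification described in the post above, including its false positive on IRC proxy checks, as an added example that is not part of the original thread or any firewall product's code: it flags a source that touches more than a threshold of distinct ports within a short window. The event tuples, addresses, threshold, window and allowlist are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample of dropped inbound connection attempts:
# (seconds since start, source IP, destination port).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    # one source sweeping ports 20..59 in quick succession
    [(i * 0.2, "203.0.113.50", p) for i, p in enumerate(range(20, 60))]
    # an IRC server probing common proxy ports on connect
    + [(30 + i, "198.51.100.7", p)
       for i, p in enumerate((1080, 3128, 8080, 23, 80, 6588))]
    # an ordinary client retrying a single port
    + [(t, "192.0.2.10", 80) for t in (5, 6, 7, 8, 9, 10, 11)]
)


def detect_scanners(events, window=10.0, max_ports=5, allowlist=()):
    """Return {source_ip: time_flagged} for sources that touch more than
    max_ports distinct ports within any `window` seconds."""
    recent = defaultdict(deque)  # ip -> (time, port) pairs still inside the window
    flagged = {}
    for ts, ip, port in sorted(events):
        if ip in allowlist or ip in flagged:
            continue
        q = recent[ip]
        q.append((ts, port))
        # Expire attempts that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) > max_ports:
            flagged[ip] = ts  # a firewall would start its temporary ban here
    return flagged


if __name__ == "__main__":
    # Without an allowlist the IRC proxy check is classified as a scan too.
    print(detect_scanners(SAMPLE_EVENTS))
    # Allowlisting the known checker leaves only the real sweep.
    print(detect_scanners(SAMPLE_EVENTS, allowlist={"198.51.100.7"}))
```

Counting distinct ports rather than raw attempts is what keeps the single-port client from being banned.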
Hardcore
Nov 29 2003, 10:11 AM
You could always set your Personal Firewall up, and then....
...remotely NMAP it with stealth scan, no PING response required, etc....should enumerate any ports. If you can beat NMAP without a firewall...then your box is pretty well "hidden" from most noob scanners.
Ideally, you want to try and make it a "Black Hole", eating up <and dropping> all packets. The only thing is, for experienced InfoSec, this may present a challenging target.
-Hardcore
coder
Nov 29 2003, 01:34 PM
Firewalls can't always stop hackers from scanning/finding ports they shouldn't find... Many firewall set-ups are not perfect and can give out much information on a port (even though it's supposed to be hidden). Take a look at HPing, this lil' utility is great for testing firewall rules/weaknesses... You can find white-papers on spotting firewalls with broken CRCs and such... Check out HPing for firewall testing...
This might be a good subject, worth its own thread... I'll go do some reading...
Hardcore
Dec 1 2003, 10:08 PM
Thanks Coder...I am working some firewall <Checkpoint> misconfig issues as well. So any more suggestions/direction would be appreciated. Same goes for the rest of you guys.
Team effort.
-Hardcore
Dillinja
Dec 1 2003, 11:50 PM
QUOTE (wicked @ Nov 1 2003, 01:47 AM)
I personally recommend ZoneAlarm Pro from Zonelabs; set it to High, which is stealth mode. You will disappear like a "Needle in a hay stack!"
I would actually go the other direction and use OS deception (IP stack emulation) in combination with normal firewalling practises and tarpitting selected ports. If you are running an x86 Linux box for example, and TCP fingerprinting calls it as an MS system (or even a Commodore) then you are going to get an extra level of protection through misdirection. While of course, not 100% foolproof...it's guaranteed to fool at least 90% of skiddies out there!
Have to agree with you about HPing, coder! Best packet crafter I've used (well, haven't used many since I've used HPing!)
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
...for those too lazy to GREP the net...
-Hardcore
SLiM577
Dec 6 2003, 07:26 PM
Yes, you can get a firewall / Sygate is nice and you can set it to prevent port scan attempts.
Jeffrey
Dec 17 2003, 03:00 PM
The one, mentioning a kind of problem with ZoneAlarm, has a point....
I'm running ZoneAlarm also.... On a WinXP Machine.... Setting Security Setting as High... (ZoneAlarm).....
Then by using my own n00b port scanner, I can still get ALL open/listening ports.....
Tried this little thing on my pal too.... (over LAN) Still works.....
Don't know if it's a big problem, but I guess it could be.....
Best Regards /Jeffrey
ikkyu
Dec 20 2003, 04:40 PM
Strictly speaking, no, you cannot prevent somebody from port scanning you; you can only control your responses to them. Now if you would like to do more than just plug your ears (read ports) then grab a traffic cap of this activity and forward it to the abuse desk at their ISP as found by somebody like samspade.org or arin.net. While port scanning is not illegal, it often is a violation of the terms of service for an ISP and they will yank the account and just generally be nasty on your behalf.
dissolutions
Dec 20 2003, 08:23 PM
disable incoming ICMP
AdmiralB
Dec 29 2003, 12:01 AM
I think the best thing is to close ports and turn on some firewall, and that's it.
jimmy
Dec 29 2003, 04:20 AM
ZoneAlarm sucks in all kinds of ways, had several probs with it some time ago.
I would suggest Norton Internet Security; what's more, it has many features and options.
northernsky
Dec 30 2003, 08:47 PM
It used to be before the days of rampant remote scanning, you could just log connection attempts and bust 1000 people a day these days. Now that 99% of people remote scan, you're only screwing people over who got hacked. What I do is just close all ports to outside connections with my router, hell, go ahead and port scan me, I don't care.
Mrx
Jan 3 2004, 05:45 AM
Man, sorry for the really late response.. comp troubles for this much time.. sucks
But with the port scan.. my college is doing it.. the same like 5 IPs over and over again..
I'm thinking report it.. but it probably won't do much
t_gillum
Jan 8 2004, 12:25 AM
Yeah I GOT IT
I found the solution you can stop someone from port scanning you!!!!
1. UNPLUG THE NETWORK CABLE 2. REMOVE YOUR NETWORK CARD OR 3. TURN OFF THE COMPUTER
sorry just had to say that one
supermax
Mar 15 2004, 12:29 AM
I heard of a software that is a kind of IDS called xp port listener that is listening to your ports, and when someone scans or connects to those it sends a message that you choose, for example "you are now logged", so most n00bs will freak and go away.
maxxxracer
Mar 15 2004, 08:32 AM
I like gillum's response the best. Don't connect your machine to the net and you know you're safe. But without the net, is there a point to having a computer? Not in my mind. Hell, without the net, I wouldn't know anything and wouldn't have any programs..
Back to the topic. I do two things to stop port scanning asses. First I have Sygate running to block all ports except the ones I'm using.. It works very well. One guy tried port scanning me and it blocked him and told me his IP and gave me a link to email his ISP so that I can get him banned... I like Sygate..
The other thing I did was set up an ipsec protocol. I don't really know much about it (as I'm not a hacker or a networking guy) but there is a site that shows you how to set it up. What it does is block pings. It just shows a timeout to whoever tries to ping your comp. IPSEC
SyN/AcK
Mar 15 2004, 02:52 PM
Just go buy a router for like $40. If you don't port forward anything, there is nothing to scan.
izzykahn
Mar 31 2004, 03:21 PM
Obviously everyone has mentioned disabling unnecessary services and using a firewall. Personally, when setting up a new box I will do all the service changes and firewall rule implementations and then scan my own PC via NMAP and Nessus. At least with Nessus you'll see any security holes in the services you are running and you can at least patch/fix them.
qcred11
Apr 3 2004, 10:01 PM
I absolutely agree with jimmy. Zone Alarm - Sux!!! The best solution to prevent port scanning is to install Agnitum Outpost 2.1 firewall. It has a lot of interesting options you might like, especially Stealth Mode. Here are just some options out of many more: Hiding your computer identity from hackers; Stopping hacker attacks automatically; Blocking private data from being transmitted; Preventing mass-mailed worm infections; and Removing ads and pop-ups. Link: http://www.agnitum.com/
nuorder
Apr 5 2004, 04:48 AM
Yeh, I found that ZoneAlarm was best uninstalled, too annoying.
Also I was wondering if there was a stable ipchains equivalent for Windows, have been googling for a while but no results.
After all, who needs a shiny GUI with a few big buttons, it's all about low level configuration.
ringo
Apr 5 2004, 11:02 AM
Prob been said, but here it is in a different light: Layered security is the key:
1) Hardware firewall/Router
2) NAT IPs
3) Disable ICMP
4) Software firewall and close unnecessary ports
5) If you absolutely must use network services (FTP, Telnet, finger, SQL, IIS, Apache, etc.), put them on a box that is dedicated to that cause and place them in a DMZ.
6) Don't do anything dumb like hosting a warez site on the same box that you have your financials on.
r
benji
Apr 14 2004, 08:41 PM
Can anyone tell me any info on netpeeker? It's the one I use; so far it's been ok on my uni network but I would appreciate any good info.. tx
bdark
May 14 2004, 09:09 PM
I used netpeeker some time ago, because it had some very nice features, like the option to limit your bandwidth to a specified program running. You can also block data transfers wherever you want.