Forums: Prevent My Comp From Being Portscanned - Forums

Prevent My Comp From Being Portscanned as topic says

#1 Guest_Mrx_*

  • Group: Guests

Posted 27 October 2003 - 01:56 PM

is there a way to prevent my comp from being port scanned
0

#2 User is offline   boshcash 

  • Master Sergeant
  • Group: Specialist
  • Posts: 461
  • Joined: 09-October 03

Posted 28 October 2003 - 02:09 AM

Well u can't do anything to anyone who is scanning u, the best u can do is to get a program to loop sending data when someone is connected to a specific port, but with that, anyone is able to portbomb you, and u will have more problems. Why don't u just close ports u don't use?
0

#3 Guest_coder_*

  • Group: Guests

Posted 28 October 2003 - 06:32 AM

if you're not running any services then a port scan isn't going to do much - if anything the attacker will most likely lose interest after seeing no services. No, most firewalls can be set up to defunc scans... another fun thing is to run some sort of Honeypot software that would make it appear that all ports were open/listening - most attackers will also skip these - although it would take long to find the real services behind the glob of honeypot stuff...

anyway- if you want to leave a service open to the public- the port is/can always be seen by others. but - as posted above, the best way to do it is to close the services that you don't need...
0

#4 Guest_wicked_*

  • Group: Guests

Posted 31 October 2003 - 05:47 PM

greetz Coder and others.

I personally recommend ZoneAlarm Pro from Zonelabs; set it to High, which is stealth mode. You will disappear like a "Needle in a hay stack!" Also, if you are running WIN2k I also recommend disabling Net Services {more information found elsewhere on this site along with goodies - alwayz gotta have goodies} which is not necessary on a non-networked based PC. This will discourage potential attackers from using these services to exploit you!..

Hope this has been useful!

Have a nice day B)

ps: Look for the goodies might find what you're looking for!

pps: 2 many pppssss!
0

#5 User is offline   Sh4dowWalker 

  • Private First Class
  • Group: Members
  • Posts: 49
  • Joined: 10-September 03

Posted 10 November 2003 - 07:58 AM

Hmmm... I was using ZoneAlarm some time ago and I thought I was 'invisible' like you said, wicked. I even did some firewall testing on the Gibson Research page (something like that) and it showed that I was in stealth mode but in fact - I wasn't. My friend portscanned me and got some results - which he shouldn't, right?

I've changed my firewall to McAfee. It has a nice feature preventing portscanning and some other forms of attack. It can ban an IP for some time or 4ever after it classifies that IP's actions as port scanning (or other forms of attack). When I was using ZoneAlarm there was no such feature. Works good but has some disadvantages - sometimes it can classify proxy checking scans, like on IRC for example, as port scanning.

Hey but this is still better than ZoneAlarm.
0
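The behaviour described in the post above (ban an IP once its activity is classified as port scanning, with IRC proxy checks showing up as a false positive), sketched as an added example that is not part of the original posts or any firewall vendor's code. The log format, threshold, window, ban length and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log (time, source IP, destination port); documentation addresses.
SAMPLE_LOG = """\
2003-11-10 07:40:00 SRC=198.51.100.7 DPT=21
2003-11-10 07:40:01 SRC=198.51.100.7 DPT=22
2003-11-10 07:40:01 SRC=192.0.2.15 DPT=80
2003-11-10 07:40:02 SRC=198.51.100.7 DPT=23
2003-11-10 07:40:03 SRC=198.51.100.7 DPT=25
2003-11-10 07:40:04 SRC=192.0.2.15 DPT=80
2003-11-10 07:40:05 SRC=198.51.100.7 DPT=80
2003-11-10 07:40:06 SRC=198.51.100.7 DPT=110
2003-11-10 07:41:00 SRC=203.0.113.20 DPT=1080
2003-11-10 07:41:00 SRC=203.0.113.20 DPT=3128
2003-11-10 07:41:01 SRC=203.0.113.20 DPT=8080
2003-11-10 07:41:01 SRC=203.0.113.20 DPT=8000
2003-11-10 07:41:02 SRC=203.0.113.20 DPT=6588
2003-11-10 07:41:02 SRC=203.0.113.20 DPT=23
"""

def parse(line):
    """Split one log line into (timestamp, source IP, destination port)."""
    date, clock, src, dpt = line.split()
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, src.split("=", 1)[1], int(dpt.split("=", 1)[1])

def detect_scans(log, threshold=6, window=timedelta(seconds=10),
                 ban=timedelta(minutes=30), allowlist=frozenset()):
    """Return {source IP: ban expiry} for sources that touch `threshold`
    distinct ports inside `window`. Allowlisted sources are never banned."""
    recent = defaultdict(deque)   # source IP -> (timestamp, port) hits in window
    banned = {}
    for line in log.strip().splitlines():
        ts, src, port = parse(line)
        if src in allowlist or banned.get(src, ts) > ts:
            continue              # trusted source, or still serving a ban
        hits = recent[src]
        hits.append((ts, port))
        while ts - hits[0][0] > window:
            hits.popleft()        # forget hits older than the window
        if len({p for _, p in hits}) >= threshold:
            banned[src] = ts + ban
            hits.clear()
    return banned

if __name__ == "__main__":
    for ip, until in detect_scans(SAMPLE_LOG).items():
        print(f"ban {ip} until {until}")
```

With the defaults, both 198.51.100.7 and the constructed proxy checker 203.0.113.20 are banned; passing the checker's address in `allowlist` is one way to handle that false positive.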

#6 Guest_Hardcore_*

  • Group: Guests

Posted 29 November 2003 - 02:11 AM

You could always set your Personal Firewall up, and then....

...remotely NMAP it with stealth scan, no PING response required, etc....should enumerate any ports. If you can beat NMAP without a firewall...then your box is pretty well "hidden" from most noob scanners.

Ideally, you want to try and make it a "Black Hole", eating up <and dropping> all packets. The only thing is, for experienced InfoSec, this may present a challenging target.

-Hardcore
0

#7 Guest_coder_*

  • Group: Guests

Posted 29 November 2003 - 05:34 AM

Firewalls can't always stop hackers from scanning/finding ports they shouldn't find... Many firewall set-ups are not perfect and can give out much information on a port (even though it's supposed to be hidden). Take a look at HPing, this lil' utility is great for testing firewall rules/weaknesses... You can find white-papers on spotting firewalls with broken CRCs and such... Check out hPing for firewall testing...

this might be a good subject, worth its own thread... I'll go do some reading... :D
0

#8 Guest_Hardcore_*

  • Group: Guests

Posted 01 December 2003 - 02:08 PM

Thanks Coder...I am working some firewall <Checkpoint> misconfig issues as well. So any more suggestions/direction would be appreciated. Same goes for the rest of you guys.

Team effort.

-Hardcore
0

#9 User is offline   Dillinja 

  • Specialist
  • Group: Specialist
  • Posts: 1,014
  • Joined: 18-June 03

Posted 01 December 2003 - 03:50 PM

wicked, on Nov 1 2003, 01:47 AM, said:

I personally recommend ZoneAlarm Pro from Zonelabs set it to High which is stealth mode. you will Disappear like a "Needle in a hay stack!"

I would actually go the other direction and use OS deception (IP stack emulation) in combination with normal firewalling practises and tarpitting selected ports.
If you are running an x86 Linux box for example, and TCP fingerprinting calls it as an MS system (or even a commodore ;) ) then you are going to get an extra level of protection through misdirection.
While of course, not 100% foolproof... it's guaranteed to fool at least 90% of skiddies out there!

Have to agree with you about HPing, coder! Best packet crafter I've used (well, haven't used many since I've used HPing! :D )

Very good thread btw!
0

#10 Guest_Hardcore_*

  • Group: Guests

Posted 01 December 2003 - 09:45 PM

GOOGLE is your friend

http://www.hping.org/
News! Hping3 will be released for late December 2003

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

...for those too lazy to GREP the net...

-Hardcore
0

#11 User is offline   SLiM577 

  • Private First Class
  • Group: Members
  • Posts: 83
  • Joined: 30-November 03

Posted 06 December 2003 - 11:26 AM

yes u can get a firewall / sygate is nice and u can set it to prevent port scan attempts.
0

#12 Guest_Jeffrey_*

  • Group: Guests

Posted 17 December 2003 - 07:00 AM

The one, mentioning a kind of problem with ZoneAlarm, has a point....

I'm running ZoneAlarm also.... On a WinXP Machine.... Setting Security Setting as High... (ZoneAlarm).....

Then by using my own n00b Port scanner, I can still get ALL open/listening ports.....

Tried this little thing, on my pal too.... ( Over LAN) Still works..... <_<

Don't know, if it's a big problem, but I guess, it could be..... :(

Best Regards
/Jeffrey
0

#13 Guest_ikkyu_*

  • Group: Guests

Posted 20 December 2003 - 08:40 AM

strictly speaking no you cannot prevent somebody from port scanning you, you can only control your responses to them, now if you would like to do more than just plug your ears (read ports) then grab a traffic cap of this activity and forward it to the abuse desk at their ISP as found by somebody like samspade.org or arin.net, while port scanning is not illegal it often is a violation of the terms of service for an ISP and they will yank the account and just generally be nasty on your behalf
0

#14 User is offline   Travis 

  • Specialist
  • Group: Specialist
  • Posts: 2,101
  • Joined: 26-February 03

Posted 20 December 2003 - 12:23 PM

disable incoming ICMP
0

#15 User is offline   AdmiralB 

  • Sergeant First Class
  • Group: Members
  • Posts: 312
  • Joined: 24-December 03

Posted 28 December 2003 - 04:01 PM

i think the best thing is to close ports and on some firewall and thats it
0
