How Do You Handle Portscanning Attacks?

Posted by Cliff on Wednesday June 15, 2005 @07:49AM from the online-hassles dept.

Kainaw asks: "I tried to submit this earlier, but I couldn't because I had no bandwidth available. The reason is simple: I use Comcast for cable Internet. My modem/router is portscanned constantly. Nothing makes it past the router, so everyone tells me that it isn't an issue. Well, it is when I can't access any webpages, get email, or even submit a simple article to Ask Slashdot because my entire bandwidth is eaten up by script kiddies with a new portscanner toy. This is a two-part question: First, can anything be done with a simple at-home modem/Linksys router/two computer setup to stop a portscanning attack? Second, is it possible for the Linksys router to become a 'bot' and actually be the originator of much of the traffic?"

1 of 140 comments (clear)

Min score:

Reason:

Sort:

Re:Tarpit... by farble1670 · 2005-06-15 11:30 · Score: 5, Insightful

so, the fellow posting the question is probably not the unix guru type, or he wouldn't have posted the question. to suggest that someone of low level or even moderate technical level start maintaining a unix box with firewall software is overkill to say the least. consider the power you're sucking for two boxes vs. one. consider the complexity of configuring rules. consider the space required for another box in your house (a lot of us live in apts or condos). consider the cost of aquiring the physical box (okay, pretty cheap, but probably not free).
as long as you do not need to do anything fancy, the simplified firewalls on consumer-level routers work fine. i have ICMP echo turned off, and a few well-know ports open for apps. no problems.

if this doesn't fix it for him, clearly this guy has some larger problem than port scanning. let's no mislead him.