From: ColinA on 13 May 2010 03:05

Is there a simple way of blocking port scans on SBS 2003 Std...?
From: Larry Struckmeyer[SBS-MVP] on 13 May 2010 07:32

Colin:

Cliff covered it. Since I had this mostly ready when his much more informative post turned up, I am going to send it so the keystrokes are not totally wasted. There is one bit of useful info in my last sentence.

If you mean "Can you as the administrator of an SBS network prohibit the world from scanning your edge device for port vulnerability?", the answer is no, afaik. What you can do is restrict your port forwards from your edge device to the SBS server to only those absolutely necessary and keep *strong* passwords on all devices including and from the edge device in.

-
Larry
Please post the resolution to your issue so others may benefit
-
Get Your SBS Health Check at www.sbsbpa.com
From: ColinA on 14 May 2010 03:55

Thanks for all this, Gents...

The reason I ask is that I see more and more port scans going on, so I obviously get worried...

I always set up very complicated passwords and ensure the servers are patched to the very latest levels..., so given what you are saying..., that is about all you can do...

Col
From: Cliff Galiher - MVP on 14 May 2010 07:45

Well, I won't say it is *all* you can do. Certainly there are threat management strategies that will block IPs that are performing port-scans. However, that is a *reactive* measure and it runs the risk of false positives.

But, to look at it another way, I wouldn't stress about port scans in the first place. Someone is doing a very *basic* probe on the external-facing interface(s) of your network. Worrying about port-scanning is like worrying that someone can see your house when they drive down the street. Yes, your house is there, it is visible, and they know it exists. But if they choose to break in, they have to take more steps. They have to walk up to the house, try various methods of entry (see if the door is locked, kick in the door, break a window) and all of those are pretty attention-getting and invasive.

Similarly, port-scanning is itself harmless. They are identifying your server, maybe so far as taking notes that it has a door and a few windows, but they don't know anything about the security of your server. To find that out requires performing more invasive probes of your systems that a port-scan simply doesn't cover. And as long as you check your logs, have a decent firewall in place (say no to Linksys consumer "routers" in businesses!), and use strong passwords (keeping the door locked), you'll both be more safe and know what was attempted, when, and by whom (at least down to the IP address) for reporting appropriately.

Port-scans? I ignore them. Otherwise I'd be going out of my head... and buying camouflage netting to try and hide my house from people driving down my street...

-Cliff
From: Joe on 14 May 2010 15:26

On 14/05/10 08:55, ColinA wrote:
> I always set up very complicated passwords and ensure the servers are patched to the very latest levels..., so given what you are saying..., that is about all you can do...

You're connected to the Internet... no, you're doing about as much as you can. I'd be very surprised if you find any one IP address that is heavily involved, and it's not practical to block half the world. The IP address map is extremely fragmented. Yes, I've thought about it and done a little investigation.

While I run my own occasionally, I've never actually seen a hostile port scan, though there's only one router which I have configured to log connections. I look at it just to see what's currently fashionable (mostly telnet and web proxies, if anyone's interested). But port scanning does not involve any listening applications to the level at which they will log failures, so without reading router logs, you'll never know if you're scanned. I've never bothered logging failures on my own router.

You don't mention if you're the only user on this network. Is it possible that another user has discovered Steve Gibson's Shields Up!! (sorry) website (http://grc.com)? That's a quick and dirty method of having your network scanned for open ports, and while the 'common ports' option only checks the privileged ports plus a few others, it makes a mess in the logs. But a whois on the IP address used will make it clear if it's his site; it's a 4.79.something address.

--
Joe
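Two points above are worth turning into something you can actually run: Cliff's remark that blocking scanning IPs is a reactive measure with a false-positive risk, and Joe's point that a scan never reaches a listening application, so only the edge or firewall log records it. The script below is an added example, not code posted by anyone in this thread. It parses the W3C-style pfirewall.log that Windows Firewall on Server 2003 writes when logging of dropped packets is enabled, and flags any source that touches many distinct destination ports in a short window. The sample log lines are constructed (RFC 5737 documentation addresses), and the window, threshold and allowlist parameters are my own assumptions, not values from the thread.

```python
"""Spot port-scan patterns in a Windows Firewall (pfirewall.log) W3C log.

Added example for the thread above; not code from any of the posters.
The log excerpt below is constructed: RFC 5737 documentation addresses
stand in for real scanners and for a legitimate remote user.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the pfirewall.log format (one record per line).
# 203.0.113.5 sweeps ten ports in three seconds (a scan); 198.51.100.7 is a
# normal remote user plus one stray packet; 203.0.113.9 pokes three ports.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-05-14 03:05:01 DROP TCP 203.0.113.5 192.168.16.2 54321 21 48 S 1234567 0 65535 - - - RECEIVE
2010-05-14 03:05:01 DROP TCP 203.0.113.5 192.168.16.2 54322 22 48 S 1234568 0 65535 - - - RECEIVE
2010-05-14 03:05:01 DROP TCP 203.0.113.5 192.168.16.2 54323 23 48 S 1234569 0 65535 - - - RECEIVE
2010-05-14 03:05:02 DROP TCP 203.0.113.5 192.168.16.2 54324 25 48 S 1234570 0 65535 - - - RECEIVE
2010-05-14 03:05:02 DROP TCP 203.0.113.5 192.168.16.2 54325 80 48 S 1234571 0 65535 - - - RECEIVE
2010-05-14 03:05:02 DROP TCP 203.0.113.5 192.168.16.2 54326 110 48 S 1234572 0 65535 - - - RECEIVE
2010-05-14 03:05:03 DROP TCP 203.0.113.5 192.168.16.2 54327 135 48 S 1234573 0 65535 - - - RECEIVE
2010-05-14 03:05:03 DROP TCP 203.0.113.5 192.168.16.2 54328 139 48 S 1234574 0 65535 - - - RECEIVE
2010-05-14 03:05:03 DROP TCP 203.0.113.5 192.168.16.2 54329 445 48 S 1234575 0 65535 - - - RECEIVE
2010-05-14 03:05:04 DROP TCP 203.0.113.5 192.168.16.2 54330 3389 48 S 1234576 0 65535 - - - RECEIVE
2010-05-14 03:07:10 OPEN-INBOUND TCP 198.51.100.7 192.168.16.2 49152 443 - - - - - - - - RECEIVE
2010-05-14 03:07:12 OPEN-INBOUND TCP 198.51.100.7 192.168.16.2 49153 443 - - - - - - - - RECEIVE
2010-05-14 03:07:15 DROP TCP 198.51.100.7 192.168.16.2 49154 25 48 S 2234567 0 65535 - - - RECEIVE
2010-05-14 03:09:00 DROP UDP 198.51.100.7 192.168.16.2 137 137 78 - - - - - - - RECEIVE
2010-05-14 03:20:00 DROP TCP 203.0.113.9 192.168.16.2 40000 23 48 S 3234567 0 65535 - - - RECEIVE
2010-05-14 03:20:00 DROP TCP 203.0.113.9 192.168.16.2 40001 8080 48 S 3234568 0 65535 - - - RECEIVE
2010-05-14 03:20:01 DROP TCP 203.0.113.9 192.168.16.2 40002 3128 48 S 3234569 0 65535 - - - RECEIVE
"""


def parse_pfirewall_log(text):
    """Yield one dict per data record, using the #Fields header for column names."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other header directives (#Version, #Software, ...)
        if fields is None:
            raise ValueError("data record before #Fields header")
        cols = line.split()
        if len(cols) != len(fields):
            continue  # truncated or malformed record: skip rather than crash
        row = dict(zip(fields, cols))
        if not row["dst-port"].isdigit():
            continue  # ICMP records carry '-' for ports; they are not a port probe
        yield {
            "ts": datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S"),
            "action": row["action"],
            "proto": row["protocol"],
            "src": row["src-ip"],
            "port": int(row["dst-port"]),
        }


def find_port_scans(log_text, window_seconds=60, min_ports=8, allowlist=()):
    """Return {src_ip: {ports, first, last}} for sources that hit at least
    min_ports distinct destination ports inside any window_seconds span.

    Both DROP and OPEN-INBOUND records count: a scan touches closed and open
    ports alike. allowlist holds sources you never want flagged (your own
    monitoring host, a scanner you run yourself), which is the cheap way to
    keep a reactive block rule from shooting a friendly address.
    """
    by_src = defaultdict(list)
    for ev in parse_pfirewall_log(log_text):
        if ev["src"] in allowlist:
            continue
        by_src[ev["src"]].append(ev)

    hits = {}
    window = timedelta(seconds=window_seconds)
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        in_window = defaultdict(int)  # dst port -> records currently inside the window
        for ev in events:
            in_window[ev["port"]] += 1
            # Slide the window forward: evict records older than window_seconds.
            while ev["ts"] - events[start]["ts"] > window:
                old = events[start]["port"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                ports = sorted(in_window)
                prev = hits.get(src)
                if prev is None or len(ports) > len(prev["ports"]):
                    hits[src] = {"ports": ports, "first": events[start]["ts"], "last": ev["ts"]}
    return hits


def format_report(hits):
    """One human-readable line per flagged source, sorted by address."""
    lines = []
    for src, h in sorted(hits.items()):
        lines.append("%s: %d distinct ports between %s and %s: %s" % (
            src, len(h["ports"]), h["first"].strftime("%H:%M:%S"),
            h["last"].strftime("%H:%M:%S"), ",".join(str(p) for p in h["ports"])))
    return lines


if __name__ == "__main__":
    for line in format_report(find_port_scans(SAMPLE_LOG)):
        print(line)
```

With the defaults only 203.0.113.5 is reported; dropping `min_ports` to 3 also catches the three-port poke from 203.0.113.9 but still leaves the remote user alone, because its records are spread over more than a minute. That knob is exactly where Cliff's false-positive concern lives: set it too low and a single legitimate user who retries two services gets blocked, so tune it against a week of your own logs before feeding the output to any automatic block rule.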