Q

How to block port scan attempts on a public wireless network

Network security expert Anand Sastry explains how to block port scan attempts on a public wireless network at the host level.

This Content Component encountered an error

I work in a large library and we have two separate networks, one for public access and another that serves as our private internal network. A week or so ago, someone on my public access network ran a port scan that ideally would not be authorized. What would be the best way to prevent public users from initiating a scan on a public computer or notebook connected to the public wireless interface?

Given the very nature of the public wireless network, it is tricky to proactively deal with port scanning attempts.

We can attempt to deal with this at the network level, but having both the system we need to protect and the unauthorized scanning system on the same VLAN makes it difficult to identify a choke point or a tap to deploy proactive network-based detective/preventive capabilities, like a network-based intrusion prevention system (IPS).

Ideally you would want to deal with this at a host level. To clarify, the host here is the system you are trying to protect. Depending on the OS type, there are a few host-based products available that can block port scan attempts. In the Windows world, there are some mature offerings from antivirus companies that feature both a built-in firewall and an IPS. In the Unix/Linux world, an interesting utility to look at is Port Scan Attack Detector (PSAD), which leverages iptable logs and tracks port-scanning attempts. It has the capability to block the source initiating the scan due to its close integration with iptables. Read Eckie Silapaswang's article, which goes over an active blocking deployment scenario with PSAD.

This was first published in June 2010

Dig deeper on Wireless LAN Design and Setup

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close