Ask the Expert

How to block port scan attempts on a public wireless network

I work in a large library and we have two separate networks, one for public access and another that serves as our private internal network. A week or so ago, someone on my public access network ran a port scan that ideally would not be authorized. What would be the best way to prevent public users from initiating a scan on a public computer or notebook connected to the public wireless interface?

    Requires Free Membership to View

Given the very nature of the public wireless network, it is tricky to proactively deal with port scanning attempts.

We can attempt to deal with this at the network level, but having both the system we need to protect and the unauthorized scanning system on the same VLAN makes it difficult to identify a choke point or a tap to deploy proactive network-based detective/preventive capabilities, like a network-based intrusion prevention system (IPS).

Ideally you would want to deal with this at a host level. To clarify, the host here is the system you are trying to protect. Depending on the OS type, there are a few host-based products available that can block port scan attempts. In the Windows world, there are some mature offerings from antivirus companies that feature both a built-in firewall and an IPS. In the Unix/Linux world, an interesting utility to look at is Port Scan Attack Detector (PSAD), which leverages iptable logs and tracks port-scanning attempts. It has the capability to block the source initiating the scan due to its close integration with iptables. Read Eckie Silapaswang's article, which goes over an active blocking deployment scenario with PSAD.

This was first published in June 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: