How to block scan port 22?
-
Hello all,
How to block scan port 22 on LAN?
So, still allow PCs on the LAN to connect to SSH on port 22, but when a PC is detected scanning port 22, block it. How do I configure this on the pfSense router?
Thanks in advance for the help :)
-
Anybody help me! Thanks
-
Not sure how you would block an internal port 22 scan. The traffic should never reach a firewall. So unless you have a layer 3 switch that can filter that out, there is no firewall that can do this. Now, if the traffic is scanning the internet, a pass rule for port 22 placed above the main allow rule, with advanced options, might do the trick. So you can set it so that if there are more than 5 new sessions per second, it blocks.
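To make the "more than 5 new sessions per second" idea from the post concrete, here is an added example (not pfSense's code, and not part of the thread) that applies the same rate test to firewall log lines. The log format, the hosts and the timestamps are all constructed for the example; a real pfSense filterlog line carries more fields, so the parser would need adjusting. Only SYN-only packets to port 22 count as new sessions, and a source is flagged when more than `THRESHOLD` of them fall inside any `WINDOW`-second span.

```python
"""Rate-based detector for port-22 connection bursts.

Added example modelled on the thread's suggestion of blocking a source
that opens more than 5 new sessions per second. The log format here is
a constructed, simplified one (not pfSense's filterlog format):

    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags>
"""
from collections import defaultdict, deque

THRESHOLD = 5    # flag when MORE than this many new sessions ...
WINDOW = 1.0     # ... fall within this many seconds
SSH_PORT = 22

# Constructed sample log: 192.168.1.50 opens 8 sessions in under a second
# (a scan), 192.168.1.20 opens exactly 5 (under the limit), 192.168.1.10
# opens one session and then sends an established-connection packet.
SAMPLE_LOG = [
    "1000.0 192.168.1.50 192.168.1.11 22 S",
    "1000.1 192.168.1.50 192.168.1.12 22 S",
    "1000.2 192.168.1.50 192.168.1.13 22 S",
    "1000.3 192.168.1.50 192.168.1.14 22 S",
    "1000.4 192.168.1.50 192.168.1.15 22 S",
    "1000.5 192.168.1.50 192.168.1.16 22 S",
    "1000.6 192.168.1.50 192.168.1.17 22 S",
    "1000.7 192.168.1.50 192.168.1.18 22 S",
    "1001.0 192.168.1.20 192.168.1.11 22 S",
    "1001.2 192.168.1.20 192.168.1.12 22 S",
    "1001.4 192.168.1.20 192.168.1.13 22 S",
    "1001.6 192.168.1.20 192.168.1.14 22 S",
    "1001.8 192.168.1.20 192.168.1.15 22 S",
    "1002.0 192.168.1.10 192.168.1.11 22 S",
    "1002.1 192.168.1.10 192.168.1.11 22 A",   # established, not a new session
    "1002.2 192.168.1.10 192.168.1.11 80 S",   # not SSH, ignored
]


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, port, flags = line.split()
    return float(ts), src, dst, int(port), flags


def find_scanners(lines, threshold=THRESHOLD, window=WINDOW, port=SSH_PORT):
    """Return the set of source IPs that opened more than `threshold`
    new TCP sessions (SYN-only packets) to `port` within any `window`
    seconds. A deque per source holds only the timestamps still inside
    the window, so memory stays bounded by the burst size."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent SYNs
    flagged = set()
    for line in lines:
        ts, src, _dst, dport, flags = parse_line(line)
        if dport != port or flags != "S":
            continue                        # only new SSH sessions count
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:     # drop SYNs older than the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    for ip in sorted(find_scanners(SAMPLE_LOG)):
        print(f"port-22 burst from {ip}")   # prints: port-22 burst from 192.168.1.50
```

The same threshold shape is what a pfSense pass rule's advanced connection-rate option enforces in the packet filter; the script just shows the decision logic on sample data so the numbers can be tuned before turning them into a rule. Note that 192.168.1.20 stays unflagged because five sessions is not more than five; set `threshold=4` to catch it.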
-
Block access to port 22 on the LAN rules except for selected hosts that you configure with static and known IP addresses. Also disable password authentication on SSH and enforce the use of SSH public keys for login.
-
@podilarius : Yes, you understood me. So, I need the advanced guide as you said: "if there are more than 5 new sessions per second, block" <= Can you help me make a rule for this one?
@kpa: Thank you, but I don't block that PC if it doesn't scan port 22; I only block a PC scanning port 22.
Thanks
-
Hi vinacaptcha,
You can accomplish that with the Snort or Suricata Package.
-
@BBcan17 : Yes, Thanks.
I will review Snort now. So, difficult or advanced.
-
> @BBcan17 : Yes, Thanks.
> I will review Snort now. So, difficult or advanced.
We're all a pfSense family.. take a look at the following link to set up Snort or Suricata (I would recommend Snort as it's a little easier to set up)
https://forum.pfsense.org/index.php?topic=61018.0
When you need help post a question in the "packages" forum.