
How to block scan port 22?

8 Posts 4 Posters 1.4k Views
    vinacaptcha
    last edited by May 20, 2014, 8:44 AM

    Hello all,

    How do I block scanning of port 22 on the LAN?
    So, still allow PCs on the LAN to connect to SSH on port 22, but when a PC is detected scanning port 22, block it. How do I configure this on the pfSense router?
    Thanks in advance for the help :)

      vinacaptcha
      last edited by May 21, 2014, 8:18 AM

      Anybody help me! Thanks

        podilarius
        last edited by May 21, 2014, 11:28 AM

        Not sure how you would block an internal port 22 scan. The traffic should never reach a firewall. So unless you have a layer 3 switch that can filter that out, there is no firewall that can do this. Now, if the traffic is scanning the internet, a pass rule for port 22 only, placed above the main allow rule and using the advanced options, might do the trick. So you can set: if there are more than 5 new sessions per second, block.

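As an added illustration of the per-source rate check podilarius describes (not pfSense code and not posted by anyone in this thread), the following runs that "more than 5 new sessions per second to port 22" test over a constructed list of new-session records; the record layout, IP addresses and timestamps are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample of new-session (first SYN) events, NOT real pfSense
# filterlog output: (unix time, source IP, destination port).
EVENTS = [
    # 10.0.0.5: six new sessions to port 22 inside half a second -> a scanner
    (1400.0, "10.0.0.5", 22), (1400.1, "10.0.0.5", 22), (1400.2, "10.0.0.5", 22),
    (1400.3, "10.0.0.5", 22), (1400.4, "10.0.0.5", 22), (1400.5, "10.0.0.5", 22),
    # 10.0.0.7: three sessions in one second -> normal SSH use, stays under 5
    (1400.0, "10.0.0.7", 22), (1400.4, "10.0.0.7", 22), (1400.8, "10.0.0.7", 22),
    # 10.0.0.8: six sessions spread over three seconds -> never more than 2/s
    (1400.0, "10.0.0.8", 22), (1400.6, "10.0.0.8", 22), (1401.2, "10.0.0.8", 22),
    (1401.8, "10.0.0.8", 22), (1402.4, "10.0.0.8", 22), (1403.0, "10.0.0.8", 22),
    # 10.0.0.9: a burst to port 80, which the port-22 rule must ignore
    (1400.0, "10.0.0.9", 80), (1400.1, "10.0.0.9", 80), (1400.2, "10.0.0.9", 80),
    (1400.3, "10.0.0.9", 80), (1400.4, "10.0.0.9", 80), (1400.5, "10.0.0.9", 80),
]


def find_port_scanners(events, port=22, max_new=5, window=1.0):
    """Return {source_ip: time_limit_was_exceeded} for every source that opened
    more than `max_new` new sessions to `port` within any `window` seconds.

    This is the same "5 new connections per 1 second" rate that pf's
    max-src-conn-rate 5/1 state option enforces (pfSense exposes it as the
    "Max. new connections / per second(s)" advanced rule option and drops
    offenders into its <virusprot> table); here it is evaluated offline over
    recorded events so the threshold can be tuned before it is deployed.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    for ts, src, dport in sorted(events):
        if dport != port or src in flagged:
            continue
        q = recent[src]
        q.append(ts)
        # slide the window: drop timestamps older than `window` seconds
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_new:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, when in find_port_scanners(EVENTS).items():
        print(f"{src} exceeded the port-22 new-session rate at t={when}")
```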
          kpa
          last edited by May 21, 2014, 12:04 PM

          Block access to port 22 on the LAN rules except for selected hosts that you configure with static and known IP addresses. Also disable password authentication on SSH and enforce the use of SSH public keys for login.

            vinacaptcha
            last edited by May 21, 2014, 5:23 PM

            @podilarius: Yes, you understood me. So, I need the advanced guide as you said: "if there are more than 5 new sessions per second, block" <= Can you help me make a rule for this one?

            @kpa: Thank you, but I don't block that PC if it doesn't scan port 22; only block a PC that is scanning port 22.

            Thanks

              BBcan177 Moderator
              last edited by May 21, 2014, 8:47 PM

              Hi vinacaptcha,

              You can accomplish that with the Snort or Suricata Package.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                vinacaptcha
                last edited by May 22, 2014, 4:21 AM

                @BBcan17: Yes, thanks.
                I will review Snort now. So, difficult or advanced.

                  BBcan177 Moderator
                  last edited by May 22, 2014, 4:49 AM

                  @vinacaptcha:

                  @BBcan17: Yes, thanks.
                  I will review Snort now. So, difficult or advanced.

                  We're all a pfSense family. Take a look at the following link to set up Snort or Suricata (I would recommend Snort as it's a little easier to set up):

                  https://forum.pfsense.org/index.php?topic=61018.0

                  When you need help post a question in the "packages" forum.


                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.