Can I block port scans at my firewall?

Article:TECH78769  |  Created: 2001-01-18  |  Updated: 2002-01-18  |  Article URL http://www.symantec.com/docs/TECH78769
Article Type
Technical Solution


Issue



You want to know whether you can stop a port scan from reaching the firewall (that is, place the firewall in Stealth mode), so that the outside world cannot see which ports the firewall is listening on.


Cause



block port scan stealth interface filters

Solution



You can block port scans at the firewall by using Interface Filters. For details on this procedure, see the document How to enhance the Symantec Enterprise Firewall security with interface filters. Be aware, however, that any port you block or filter out stops working for all traffic on that interface, including legitimate outbound traffic that the firewall would otherwise proxy.

This is because the Raptor Firewall is a proxy firewall: it permits or denies traffic at the application layer of the OSI model rather than silently dropping packets at the network layer. To pass traffic, the firewall's interfaces and the underlying operating system must accept connections on every port used by the firewall's proxy daemons or by any Generic Service Passers (GSPs). A port scan reports those ports as open because they are open; an interface filter can hide a port only by blocking traffic to it, which is also why the service proxied on that port stops working.

NOTE: It is acceptable for the outside world to see which ports the firewall is listening on. A correctly configured firewall passes only valid traffic on those ports, so exposing the port numbers does not by itself expose anything the proxy would not have accepted anyway. It is not possible to make the firewall invisible (Stealth mode) to scans or pings, because, for the firewall to work, it must listen on the port numbers where it expects traffic.
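The trade-off described above, modelled as an added example that is not Symantec's code and no part of the Raptor product: a constructed internal echo service, a toy Generic Service Passer that relays connections to it, and a TCP connect scan of the external port, all on loopback. The function names (start_gsp, connect_scan, send_through, free_port) are this example's own. The scan reports the GSP port open because the relay has to listen there; a port with no listener, which is what filtering it amounts to from the outside, is not reported open but also carries no service.

```python
"""Toy model of a proxy (application-layer) firewall under a port scan.

Constructed for illustration only; everything runs on 127.0.0.1. The
"internal" echo server stands in for a protected host, start_gsp is a
minimal Generic Service Passer that relays one request to it, and
connect_scan is the scanner's view of the firewall's external port.
"""
import socket
import threading


def _listen(host):
    """Bind a listening socket on an OS-chosen free port; return (sock, port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, 0))
    sock.listen(16)
    return sock, sock.getsockname()[1]


def _serve_forever(sock, handler):
    """Accept connections on sock and run handler(conn) for each in a daemon thread."""
    def loop():
        while True:
            conn, _ = sock.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def start_echo_service(host="127.0.0.1"):
    """Constructed internal server: echoes one message back and closes."""
    def handle(conn):
        with conn:
            conn.sendall(conn.recv(4096))
    sock, port = _listen(host)
    _serve_forever(sock, handle)
    return port


def start_gsp(external_host, internal_host, internal_port):
    """Minimal Generic Service Passer: accept on the external side, relay one
    request to the internal service and pass its reply back. To do this at all
    it must hold a listening socket on external_host, which is what a scan sees."""
    def handle(conn):
        with conn:
            request = conn.recv(4096)
            if not request:  # a scanner connected and hung up: nothing to relay
                return
            with socket.create_connection((internal_host, internal_port)) as inner:
                inner.sendall(request)
                conn.sendall(inner.recv(4096))
    sock, port = _listen(external_host)
    _serve_forever(sock, handle)
    return port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: 'open' if the handshake completes, 'closed' if the
    stack answers with a reset, 'filtered' if nothing comes back before the
    timeout (the symptom of packets being dropped on the way in)."""
    result = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                result[port] = "open"
        except ConnectionRefusedError:
            result[port] = "closed"
        except OSError:  # includes the connect timeout
            result[port] = "filtered"
    return result


def send_through(host, port, payload, timeout=2.0):
    """Client view of the proxied service; None if the port is unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            return s.recv(4096)
    except OSError:
        return None


def free_port(host="127.0.0.1"):
    """Reserve and immediately release a port: a port with no listener behind it."""
    sock, port = _listen(host)
    sock.close()
    return port


if __name__ == "__main__":
    echo_port = start_echo_service()
    gsp_port = start_gsp("127.0.0.1", "127.0.0.1", echo_port)
    unused = free_port()
    print("scan result:", connect_scan("127.0.0.1", [gsp_port, unused]))
    print("through the GSP:", send_through("127.0.0.1", gsp_port, b"hello"))
    print("through the unused port:", send_through("127.0.0.1", unused, b"hello"))
```

On loopback the unused port shows as "closed" rather than "filtered", because the local stack answers with a reset; a real interface filter that drops the packet produces the "filtered" result instead. Either way the outcome the article describes holds: the only port the scan cannot identify as a service is the one on which no service is being passed.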





Legacy ID



2000061319525954



