
Sophos XG SFOS 16.01 - Anti-Portscan?

Greetings all,

I'm currently using the home version of Sophos XG and was wondering if there is a way to block port scans? I know that UTM has the ability for anti-portscans, but does XG have this capability as well?


Thanks.

Mike



  • Hi aditya and thanks for the reply. As mentioned earlier in the thread, a feature request for such a basic feature is like requesting NAT on a router. I think there needs to be a feature request to bring all the basic UTM features into XG. Everyone will vote for it and I think it will cover most of the feature requests pending for XG [:D]

  • FormerMember, in reply to Billybob

    Hi,

    Is it a big problem for security not to have anti-portscan?

    I think so; what do you think about it?

    Regards Meghan

  • Meghan, it is another piece of the puzzle missing. The more layers you have, the safer you are. So XG is missing another piece... however, relying on one product to achieve security is absolutely wrong! A big mistake that many security admins make.

  • FormerMember, in reply to lferrara

    Hi Luk,

    It's true, but I don't have so much experience.

    What security principle do you recommend, and which software/hardware products do you use/recommend for a network with no servers, only clients?

    Regards Meghan

  • Meghan, if you have only clients, the firewall should be turned on with no exceptions, because connections start from clients to servers and not vice versa. Close all the ports and you will be safe from external attacks. Having Windows Firewall on even on computers will prevent malware from jumping from one computer to another because ports are closed.

    The story is long. Enroll a Security Architect if you need advanced security advice. Send me a PM if you need and we can arrange something!

  • I thought I would revive this thread, seems to have been dormant for a while now!

    I think this is a required countermeasure in the arena of security, so admins can tell if there are any potential probes being performed.

    Also as a UTM user, this is essential when there is a server out on the 'wild internet', it is invaluable for information about who is trying to interrogate your server.

    I have just voted for this feature, as it is a requirement for our arsenal of tools available for these pesky .... (ooh, I feel like I am on Scooby Doo... lol)

  • Many updates later and still not included...sigh.

  • Are there any updates on this?

  • Hi,

    I'm just curious regarding the "use case" of an anti-port-scan feature.

    This is a missing feature in XG, yes, but I want to understand the benefit of this feature.

    I'm just thinking about the security benefit. The ports are still open if somebody tries to find all open ports on WAN. If you stop/block a certain IP on WAN with anti-port-scan features, "they" will start from another WAN IP and continue with the other ports until they have checked all ports. So what can you do with this kind of information, that somebody wants to know which ports you use on WAN? Another point is that this feature will simply not secure any open vulnerability that can be open on port X. It simply can prevent a person from knowing that you are using ports X, Y, Z on WAN.

    I read a couple of "hacking docs" regarding this. I know it is one of the first steps to get an overview of the target, but I don't see the use case of knowing which port is open and which is not. Nevertheless, "they" start mostly with the common ports, so you won't see the port scanning at all. And to be honest, I see the most attacks on the vulnerable ports like 443, 80, 21, etc., not on some "custom ports" of special products. And even for these products, you use IPS or IDS systems.

    Just personally speaking, I would categorise this as "nice to have". Maybe somebody can enlighten me; I would like to talk about it!

    Cheers

  • I believe that on the UTM 9.5 side it knows that if X amount of SYN or ICMP packets are arriving in sequential order over X amount of time, then that IP is blocked from further scans. For example, on UTM 9.5 when I ran the GRC port scan it was only able to scan the first 30 ports before the rest were just stealthed for that specific IP doing the port scan. So yeah, if you have, let's say, SSL port 443 open, then a port scan will never see it, since it would be blocked before it gets there, thus the adversary won't even know that you are running such a protocol.
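The heuristic described in the last two posts (block a source once it has touched more than N distinct ports within a time window) is easy to reason about in code. The following is an added example, not Sophos UTM or XG code: a sliding-window detector run over constructed firewall log lines. The log format, the thresholds, and the three sample sources are all assumptions made for the illustration. It also shows the limitation raised earlier in the thread: a scan that is spread out in time (or, equivalently, across several source addresses) stays under the per-source threshold unless the window is widened.

```python
"""Sliding-window port-scan detector over firewall drop logs.

Added example, not part of any Sophos product. Flags a source address that
probes more than `max_ports` distinct destination ports within
`window_seconds`, which is the kind of rule the thread attributes to UTM's
anti-portscan feature.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log line format, one connection attempt per line:
#   <ISO timestamp> DROP src=<ip> dst=<ip> proto=TCP dport=<port> flags=S
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=\S+ "
    r"proto=(?P<proto>\S+) dport=(?P<dport>\d+)"
)


class PortScanDetector:
    """Keeps, per source, the (timestamp, port) events inside the window."""

    def __init__(self, max_ports=20, window_seconds=60):
        self.max_ports = max_ports
        self.window = timedelta(seconds=window_seconds)
        self.events = defaultdict(deque)   # src -> deque of (ts, dport)
        self.flagged = {}                  # src -> timestamp when first flagged

    def observe(self, ts, src, dport):
        """Record one attempt; return True the first time `src` crosses the threshold.

        Events for a given source are expected in time order (as they would be
        in a real log); the detector never compares across sources.
        """
        q = self.events[src]
        q.append((ts, dport))
        # Drop events that fell out of the window for this source.
        while q and ts - q[0][0] > self.window:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) > self.max_ports and src not in self.flagged:
            self.flagged[src] = ts
            return True
        return False


def parse_line(line):
    """Return (timestamp, src, dport) for a matching line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])


def scan_sources(lines, max_ports=20, window_seconds=60):
    """Run the detector over log lines; return the sorted list of flagged sources."""
    det = PortScanDetector(max_ports=max_ports, window_seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            det.observe(*parsed)
    return sorted(det.flagged)


# Constructed sample log: three sources, documentation IP ranges only.
_BASE = datetime(2024, 1, 1, 12, 0, 0)


def _line(offset_s, src, dport):
    ts = (_BASE + timedelta(seconds=offset_s)).isoformat()
    return f"{ts} DROP src={src} dst=203.0.113.1 proto=TCP dport={dport} flags=S"


SAMPLE_LOG = (
    # Fast sequential sweep: 25 ports in 25 seconds -> crosses a 20-port threshold.
    [_line(i, "198.51.100.7", 1 + i) for i in range(25)]
    # Ordinary client retrying one service: many packets, a single port.
    + [_line(i * 2, "203.0.113.9", 443) for i in range(30)]
    # Slow sweep: 25 ports, one every 10 s, so at most 7 fall in any 60 s window.
    + [_line(i * 10, "192.0.2.5", 1000 + i) for i in range(25)]
)

if __name__ == "__main__":
    print("60 s window :", scan_sources(SAMPLE_LOG))
    print("300 s window:", scan_sources(SAMPLE_LOG, window_seconds=300))
```

With the default 60-second window only the fast sweep is flagged; widening the window to 300 seconds also catches the slow one, at the cost of more state per source and a higher chance of flagging legitimate clients that use many ports. Whichever thresholds are chosen, the detector only ever sees one source at a time, so a sweep split across several addresses, as the earlier post points out, has to be caught by correlating across sources or by the IPS behind the open ports rather than by this rule alone.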