Posted by Edwin on May 30, 2008, 11:20 am
> Edwin wrote:
>> Hi All,
>>
>> I have configured a Pix ASA and opened some ports to dmz and inside for
>> e.g. mail, www and rdp.
>>
>> Is it possible to have the pix hide these open ports from portscans
>> originated from outside? If so, how can it be done?
>
> Can be done by ACL denying access to these ports or by shutting down the
> WAN interface ;-) This is most probably not what you want.
>
> If your PIX refuses to connect to the port, the listener of the daemon of
> the DMZ server will not be reachable anymore from the outside. This is due
> to the nature of TCP and not related to any special firewall.
>
I fully agree with you. Something needs to respond to requests for a
certain port.
I was actually hoping that the PIX had some feature that deals with certain
characteristics of a portscan. Portscans are recognizable in general... but
maybe not by a PIX?