Description
This article describes how to block the NMAP port scanner, a popular tool among network administrators and attackers alike. As the name implies, it scans a network for open ports and IP addresses, producing a basic map of the infrastructure. Attackers can then use this map to design an exploit.
Scope
FortiGate.
Solution
There are two choices to protect a network from being scanned.
- Block the 'Portmap' signature in application control, and then apply application control on all internet-facing policies. See: Blocking applications with custom signatures.
- Configure a Denial of Service Policy and set the threshold low enough to block an NMAP scan. Refer to the administration guide for information on how to configure a DoS policy.
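A minimal DoS policy for the second option, shown as an added example rather than configuration taken from this article. The interface name `wan1`, the policy ID and every threshold value are assumptions and must be tuned against normal traffic on the protected network:

```fortios
# Added example: DoS policy on the internet-facing interface.
# Assumed values: interface "wan1", policy ID 1, all thresholds.
# tcp_port_scan counts TCP SYN packets per second from one source IP;
# udp_scan and icmp_sweep count new UDP/ICMP sessions per second
# from one source IP.
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_port_scan"
                set status enable
                set log enable
                set action block
                set threshold 100
            next
            edit "udp_scan"
                set status enable
                set log enable
                set action block
                set threshold 100
            next
            edit "icmp_sweep"
                set status enable
                set log enable
                set action block
                set threshold 50
            next
        end
    next
end
```

Running the policy with `set action pass` and logging enabled first shows which legitimate sources would trip the thresholds before blocking is turned on.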
Related article:
Technical Note: How to set up application control on v5.2.