Defense against nmap tcp synchronise scans

Assuming that a host does not require a Telnet service running on it, is it possible to create a fake Telnet process that listens on the Telnet port and blocks every IP that tries to make a connection (TCP-SYN) with it? When the attacker tries to scan this host using nmap, it sends a TCP-SYN to the Telnet port (not in all cases); the host can now get the source IP and block all connections from that IP. Will this defense concept work?

Reply to
MELWIN JOSE

iptables -A INPUT -p tcp --dport 23 -j REJECT is one solution.

Doesn't make sense at all and is no defense concept.

cheers

Reply to
Burkhard Ott

Google for portsentry. It's an ancient script/tool that does this.

Best regards Thomas

Reply to
Thomas Keusch
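
Added example, not written by any poster in this thread: the idea discussed above (treat a SYN to the unused Telnet port as a signal and derive a block list from it), done as a parser over iptables LOG lines rather than a listening process. The TRAP23 log prefix, the sample log lines and the allowlist are assumptions; the allowlist exists because the source address of a bare SYN can be forged, so blocking on it unconditionally would let a third party get arbitrary addresses blocked.

```python
import ipaddress
from collections import Counter

PREFIX = "TRAP23 "  # assumed --log-prefix on a LOG rule for tcp/23 (hypothetical)

# Constructed kernel log lines in iptables LOG format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 12:00:01 gw kernel: TRAP23 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51234 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:02 gw kernel: TRAP23 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51235 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:03:10 gw kernel: TRAP23 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:04:00 gw kernel: TRAP23 IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:05:00 gw kernel: OTHER IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=41000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""


def trap_hits(log_text, port=23):
    """Count bare SYNs (SYN set, ACK clear) to `port` per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        _, found, rest = line.partition(PREFIX)
        if not found:
            continue  # line was not written by the trap rule
        fields, flags = {}, set()
        for tok in rest.split():
            key, eq, val = tok.partition("=")
            if eq:
                fields[key] = val
            else:
                flags.add(tok)  # TCP flags are logged as bare words
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        if "SYN" not in flags or "ACK" in flags:
            continue
        try:
            hits[ipaddress.ip_address(fields.get("SRC", ""))] += 1
        except ValueError:
            continue  # malformed SRC field
    return hits


def block_candidates(log_text, allowlist, threshold=1, port=23):
    """Sources with at least `threshold` hits, minus allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    ranked = sorted(trap_hits(log_text, port).items(),
                    key=lambda kv: (kv[0].version, int(kv[0])))
    return [str(ip) for ip, n in ranked
            if n >= threshold and not any(ip in net for net in nets)]


if __name__ == "__main__":
    print("\n".join(block_candidates(SAMPLE_LOG, ["192.0.2.0/24"])))
```

Because the kernel logs the SYN itself, this sees a scan that never completes the handshake, which a userspace listener blocked in accept() would not.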

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.