Defenses against Port Scanning
¨Unix systems
–remove all unneeded services in /etc/inetd.conf
–Remove unneeded services in /etc/rc*.d
¨Windows systems
–uninstall unneeded services or shut them off in the services control panel
¨Scan your own systems before the attackers do
¨Use stateful packet filter or proxy-based firewall
–blocks ACK
scans
–Blocks FTP data source port scans