To reduce the chance of a hacker identifying your firewall through direct scanning, you can use an intrusion detection system (IDS), ACLs on your routers, or both.

IDS:

  • can both recognize and log a port scan
  • can prevent the scan from ever reaching the firewall itself
  • typically only detects port scans that arrive in high volume from a single source
  • a more advanced hacker can fool the system by using multiple scanning hosts and spreading the scans out over time
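As an added example (not code from the original text), the following Python implements the kind of threshold-based port-scan detection the IDS bullets describe, run over constructed log lines, and shows why a scan spread across several hosts and over time stays under the threshold. The log format (timestamp, source IP, destination port), the 10-second window and the 5-port threshold are assumptions chosen for the illustration.

```python
from collections import defaultdict

# Constructed sample log: "<seconds> <source ip> <destination port>".
# Lines 1-6: one host probes six ports within a few seconds.
# Lines 7-12: six different hosts each probe one port, 5 seconds apart.
SAMPLE_LOG = """\
0 10.0.0.5 22
1 10.0.0.5 23
2 10.0.0.5 25
3 10.0.0.5 80
4 10.0.0.5 443
5 10.0.0.5 8080
10 10.0.0.7 22
15 10.0.0.8 23
20 10.0.0.9 25
25 10.0.0.10 80
30 10.0.0.11 443
35 10.0.0.12 8080
"""

def parse_log(text):
    """Turn the assumed log format into (timestamp, source, port) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, port = line.split()
        events.append((int(ts), src, int(port)))
    return events

def detect_scanners(events, window=10, threshold=5):
    """Flag each source that touches >= threshold distinct ports within `window` seconds.
    Returns {source: distinct_ports_seen_when_flagged}."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()                       # order by timestamp
        start = 0
        for end in range(len(hits)):      # sliding window over this source's hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                flagged[src] = len(ports)
                break
    return flagged

def ports_probed(events, sources):
    """Set of destination ports touched by the given sources (for comparison)."""
    return {port for _, src, port in events if src in sources}

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("flagged:", detect_scanners(evs))  # only the single noisy host is caught
```

The distributed group (10.0.0.7 through 10.0.0.12) touches exactly the same six ports as 10.0.0.5 but is never flagged, which is the gap the ACL bullets below address by hiding the ports regardless of who scans them.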

ACL:

  • provides more protection
  • blocks specific ports that you want to remain hidden