How to prevent port scanning by VPN users on a CentOS VPN gateway

Dave asked:

I’m using CentOS as a VPN gateway.

Users connected to my server have access to the internet. The problem is that some of the users’ computers are infected with some kind of worm, and as soon as they connect to the server, the worm starts port scanning private IP ranges, like 192.168.1.1-255. I don’t care about the scanning, but it’s against the policies of the company that hosts my server.

So, how can I prevent outgoing port scans? For example, can I block all outgoing packets sent to private IP ranges?

My answer:


Close the client’s account for Terms of Service/abuse violation.

If it was unintentional, you can accept them back after they’ve cleaned up their computers. But if it happens a second time, cancel the account forever.


View the full question and answer on Server Fault.
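
The block the question proposes (dropping VPN clients' outgoing packets to private ranges), as an added example that is not part of the original question or answer. It assumes plain iptables on the gateway and uses hypothetical interface names `tun0` (VPN) and `eth0` (uplink); each dropped packet is also logged so the infected client can be identified and handled as the answer suggests.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints iptables commands that drop and log traffic forwarded from VPN
# clients to RFC 1918 private ranges on the hosting network.
# Assumptions: plain iptables; tun0 and eth0 are hypothetical names.

PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Accept only simple interface names so the output is safe to pipe to sh.
is_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_rules() {
    vpn_if=$1
    wan_if=$2
    if ! is_ifname "$vpn_if" || ! is_ifname "$wan_if"; then
        echo "usage: gen_rules VPN_IF WAN_IF" >&2
        return 1
    fi
    # Dedicated chain: one place to log and drop.
    printf '%s\n' "iptables -N VPN_PRIVATE_OUT"
    for net in $PRIVATE_NETS; do
        # -I puts the rule at the top of FORWARD, ahead of any ACCEPT rule.
        # Matching on -o keeps VPN-internal traffic unaffected.
        printf '%s\n' "iptables -I FORWARD 1 -i $vpn_if -o $wan_if -d $net -j VPN_PRIVATE_OUT"
    done
    # Rate-limited LOG: a scan must not flood syslog. The logged SRC=
    # field is the VPN client address, which maps back to the account.
    printf '%s\n' "iptables -A VPN_PRIVATE_OUT -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix \"vpn-private-out: \""
    printf '%s\n' "iptables -A VPN_PRIVATE_OUT -j DROP"
}

# Stand-alone use: print the commands for the given (or default) interfaces.
gen_rules "${1:-tun0}" "${2:-eth0}"
```

Review the printed commands before piping them to `sh` as root, and save the rule set afterwards so it survives a reboot.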

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.