First, just a bit of background:
My ISP has decided to block all inbound connections (from their customers' perspective) which effectively means that I can no longer host anything on my connection (FTP, HTTP etc.) or use any of a number of programs that require one or more listening ports to be specified for use by inbound connections (SSH, RDP, uTorrent, etc. etc.)
Apparently they recently "suffered" a port scan attack on an entire IP range that has been allocated for use by their subscribers and their reasoning now (as a metered-bandwidth ISP) is that allowing inbound connections again will generate too much additional, unsolicited traffic which the majority of their subscribers will not be willing to pay for (or even understand where it's coming from).
I disagree in that, in the grand scheme of things, I don't think a bunch of SYN packets and the resulting NACK (?) packets as sent back from a host-based firewall (for example) will end up causing THAT much additional traffic.
My question is whether there is any way in which I can measure the amount of bandwidth that such a port scan will typically generate if I were to scan all the ports on my own machine? nmap is ideal for this, but I'm not sure how one would measure the total bandwidth (including the 'reject' packets sent back from the target machine, if any).
I am fairly proficient with the bash shell and know my way around Linux. Any help would be greatly appreciated!
Best Answer
You can use iptables (add allow rules).
Scanning host 8.8.8.8:
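The iptables accounting approach from the answer, carried through as an added example (this is not the answerer's code or output): a bash script that attaches counting rules before a full SYN scan of your own machine and then reads the packet and byte counters for probes, SYN/ACK replies and RST "reject" packets. It assumes Linux with root, iptables and nmap, scanner and target on the same host (TARGET=127.0.0.1 and the chain name SCANMETER are assumed values), and uses counting-only rules with no `-j` target rather than ACCEPT so the existing firewall policy is left untouched.

```bash
#!/bin/bash
# Added example: meter the traffic a full SYN scan of your own machine
# generates, via iptables byte counters. Assumes Linux, root, iptables, nmap,
# and scanner + target on the same host (TARGET and CHAIN are assumed values).
# Rules have no -j target: they only count and never change firewall policy.
TARGET="${TARGET:-127.0.0.1}"
CHAIN="SCANMETER"

# Read `iptables -L CHAIN -v -n -x` output on stdin and print "pkts bytes" for
# rule N (rules start on line 3; with no -j target the 3rd column is blank).
rule_counters() {
    awk -v n="$1" 'NR == n + 2 && $1 ~ /^[0-9]+$/ { print $1, $2; found = 1 }
                   END { if (!found) print "0 0" }'
}

# Three accounting rules split by TCP flags, so both directions can be told
# apart even though scanner and target share an address on loopback:
#   1: probes        SYN only  (what nmap sends)
#   2: open reply    SYN+ACK   (target answers "open")
#   3: RST           closed-port rejects, plus nmap's teardown of open ports
setup_meter() {
    iptables -N "$CHAIN"
    iptables -A "$CHAIN" -p tcp --tcp-flags SYN,ACK,RST SYN
    iptables -A "$CHAIN" -p tcp --tcp-flags SYN,ACK,RST SYN,ACK
    iptables -A "$CHAIN" -p tcp --tcp-flags RST RST
    # Every TCP packet addressed to the target passes INPUT exactly once, even on lo.
    iptables -I INPUT 1 -p tcp -d "$TARGET" -j "$CHAIN"
}
teardown_meter() {
    iptables -D INPUT -p tcp -d "$TARGET" -j "$CHAIN"
    iptables -F "$CHAIN"; iptables -X "$CHAIN"
}

measure_scan() {
    setup_meter; trap teardown_meter EXIT
    iptables -Z "$CHAIN"                      # zero counters right before scanning
    nmap -sS -p- "$TARGET" >/dev/null          # SYN scan of all 65535 TCP ports
    out=$(iptables -L "$CHAIN" -v -n -x)
    total=0
    for i in 1 2 3; do
        set -- $(printf '%s\n' "$out" | rule_counters "$i")
        printf 'rule %d: %8d packets %10d bytes\n' "$i" "$1" "$2"
        total=$((total + $2))
    done
    printf 'total on the wire: %d bytes\n' "$total"
}

if [ "${1:-}" = "run" ]; then measure_scan; fi
```

Run it as `sudo ./scanmeter.sh run`; the per-rule lines give the inbound probe volume and the outbound reply volume separately, and the last line is the figure to compare against the ISP's claim.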