Hi Lists,
I have set up my own iptables rules. When I portscan myself with nmap -sT I see all my ports closed. When I try to portscan myself with nmap -sS or other scan types I see my ports "filtered". I would like to see them "closed", but it looks like I need to reject those packets not only with icmp-port-unreachable but with TCP packets (reading the nmap man page). How can I reject packets with TCP packets as reply?

Praise
Send back TCP resets:

iptables -A INPUT -p 6 -d ip.of.your.waneth -i $waneth -j REJECT --reject-with tcp-reset

This can only be applied to -p 6 and the filter table. In order to send back tcp-rst you must open the corresponding output rule.

Also, this enables others to fingerprint your OS. It may be better to drop the traffic. But if you want to secure obscurely, make sure you answer correspondingly to UDP requests to closed ports. Such answers would be icmp dest unreach port unreachable.

I tried to camouflage the firewall. Maybe I've done improper work, but results for nmap xmas, fin and null scans were not as expected. All this traffic was dropped. I didn't go deeper into that.

HTH
Philipp
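The pieces of the reply put together in one script (an added example, not Philipp's own rules or anything from the original thread): TCP probes to closed ports are rejected with a TCP RST, UDP probes with ICMP port-unreachable, and the OUTPUT rule that lets the generated RST leave the host; the "drop" mode is the quieter alternative the reply recommends. The address, interface and open ports are placeholders, and setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: emit (or apply) the iptables rules discussed in the thread.
# Assumptions: placeholder WAN address/interface/ports; IPT=echo is a dry run.
IPT="${IPT:-iptables}"

# fw_rules <wan-ip> <wan-iface> <mode: reset|drop> [open tcp ports...]
fw_rules() {
    ip="$1"; dev="$2"; mode="$3"; shift 3

    # Replies to connections we opened ourselves must always get in.
    "$IPT" -A INPUT -i "$dev" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Services we actually offer.
    for port in "$@"; do
        "$IPT" -A INPUT -p tcp -d "$ip" -i "$dev" --dport "$port" -j ACCEPT
    done

    if [ "$mode" = reset ]; then
        # -p tcp is protocol 6; tcp-reset is only valid for TCP in the filter table.
        # This is what makes nmap -sS report "closed" instead of "filtered".
        "$IPT" -A INPUT -p tcp -d "$ip" -i "$dev" -j REJECT --reject-with tcp-reset
        # Closed UDP ports should answer the same way a real closed port does.
        "$IPT" -A INPUT -p udp -d "$ip" -i "$dev" -j REJECT --reject-with icmp-port-unreachable
        # The kernel-generated RST traverses OUTPUT; if it is blocked there the
        # scanner never sees it and the port still shows as "filtered".
        "$IPT" -A OUTPUT -p tcp -s "$ip" -o "$dev" --tcp-flags RST RST -j ACCEPT
    else
        # Quiet alternative: no answer at all, so nothing to fingerprint the OS with.
        "$IPT" -A INPUT -d "$ip" -i "$dev" -j DROP
    fi
}
```

Source the file and run `IPT=echo fw_rules 203.0.113.5 eth0 reset 22 80` to review the rules before applying them for real.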
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (2)
- Philipp Snizek
- Praise