----- Original Message -----
From: "Azman Salleh" <azmansal@nti.com.my>
To: <suse-security@suse.com>
Sent: Wednesday, May 28, 2003 4:31 AM
Subject: Re: [suse-security] how do I build iptable-protection for scanners like nmap

: Sounds like something I can adapt into my *ipchains* rules.

I don't know. The ipchains don't have "state" ...

: But why use "!--syn -m state --state"? Anybody can explain?

"!--syn -m state --state NEW": This means a new connection but the flag is not SYN.
For a normal connection it must be SYN, but some scanners (nmap...) send flag FIN
or other to see if some ports respond... If response must be open....

: Thank you,
: Azman Salleh
: ----- Original Message -----
: From: "Πλαστήρας Αθανάσιος" <t.plastiras@gsis.gov.gr>
: To: <suse-security@suse.com>
: Sent: 27 May, 2003 1:27 PM
: Subject: Re: [suse-security] how do I build iptable-protection for scanners like nmap
:
: >
: > Good Morning...
: >
: > To drop stealth scans like nmap you can use the following rules in a simple
: > firewall with iptables:
: >
: > iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "Stealth scan"
: > iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
: >
: > Thanos...
: >
: > Athanasios Plastiras
: > Greece
: > Athens
: >
: > --
: > Check the headers for your unsubscription address
: > For additional commands, e-mail: suse-security-help@suse.com
: > Security-related bug reports go to security@suse.de, not here
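
Added example, not part of the original thread: a small Python triage script for the kernel log lines that the LOG rule above would write, grouping hits by source address so that a port sweep stands out from a single stray packet. The log lines, host name and addresses are constructed samples in the netfilter LOG format, and the function names and the three-port threshold are assumptions made for this sketch.

```python
import re
from collections import defaultdict

PREFIX = "Stealth scan"  # the --log-prefix used in the thread's LOG rule
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

# Constructed sample lines (documentation addresses). LOG writes the prefix
# verbatim, so without a trailing space it runs straight into "IN=".
SAMPLE_LOG = """\
May 28 04:40:01 fw kernel: Stealth scanIN=eth0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=4711 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 FIN URGP=0
May 28 04:40:01 fw kernel: Stealth scanIN=eth0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=4712 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 FIN URGP=0
May 28 04:40:02 fw kernel: Stealth scanIN=eth0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=4713 PROTO=TCP SPT=40000 DPT=443 WINDOW=1024 RES=0x00 FIN URGP=0
May 28 04:41:15 fw kernel: Stealth scanIN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.5 LEN=52 TTL=60 ID=900 DF PROTO=TCP SPT=51514 DPT=25 WINDOW=501 RES=0x00 ACK URGP=0
May 28 04:42:00 fw kernel: SSH accept IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 TTL=60 ID=77 DF PROTO=TCP SPT=50022 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

def parse_line(line):
    """Return (src, dport, flags) for a TCP LOG line carrying PREFIX, else None."""
    if PREFIX not in line or "PROTO=TCP" not in line:
        return None
    tokens = line.split(PREFIX, 1)[1].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None
    flags = frozenset(t for t in tokens if t in TCP_FLAGS)  # bare flag tokens
    return fields["SRC"], int(fields["DPT"]), flags

def summarize(log_text, min_ports=3):
    """Map each source that hit >= min_ports distinct ports to (ports, flag combos)."""
    ports, combos = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            src, dport, flags = hit
            ports[src].add(dport)
            combos[src].add("+".join(sorted(flags)) or "none")
    return {s: (sorted(ports[s]), sorted(combos[s]))
            for s in ports if len(ports[s]) >= min_ports}

if __name__ == "__main__":
    for src, (dports, flagsets) in summarize(SAMPLE_LOG).items():
        print(f"{src}: ports {dports}, flags {flagsets}")
```

The single ACK from 203.0.113.7 stays below the threshold: a non-SYN packet can also count as NEW when a legitimate connection's tracking entry has expired or the firewall was restarted, so one hit alone is weak evidence of a scan.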