Re: [suse-security] how do I build iptable-protection for scanners like nmap
Michael,

Seems to me that the ipchains equivalent to "! --syn" is "! -y", but wouldn't "iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP" drop ANY incoming connections from the internet? This would even drop valid http requests, not just the stealth portscans.

Thank you,
Azman Salleh

----- Original Message -----
From: Paxton, Michael
To: 'Azman Salleh'
Sent: 28 May, 2003 11:41 AM
Subject: RE: [suse-security] how do I build iptable-protection for scanners like nmap

Hi Azman

Basically it says: If you are not establishing a new connection (! --syn) and you are not an established connection (-m state --state NEW) drop the packet. The stateful side of things I don't think you can do with ipchains..

Michael

-----Original Message-----
From: Azman Salleh [mailto:azmansal@nti.com.my]
Sent: Wednesday, 28 May 2003 11:32 AM
To: suse-security@suse.com
Subject: Re: [suse-security] how do I build iptable-protection for scanners like nmap

Sounds like something I can adapt into my *ipchains* rules. But why use "! --syn -m state --state"? Can anybody explain?

Thank you,
Azman Salleh

----- Original Message -----
From: "Πλαστήρας Αθανάσιος"
To:
Sent: 27 May, 2003 1:27 PM
Subject: Re: [suse-security] how do I build iptable-protection for scanners like nmap

Good Morning...

To drop a stealth scan like nmap you can use the following rules in a simple firewall with iptables:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "Stealth scan"
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Thanos...

Athanasios Plastiras
Greece Athens

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
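
The matching logic discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of `! --syn -m state --state NEW` run over constructed packets. It assumes any packet without a tracked connection is NEW (real conntrack may mark some flag combinations INVALID instead) and uses the `--syn` definition from the current iptables man page; the function names and addresses are made up for the illustration.

```python
# Simplified model of: iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Assumption: a packet with no tracked connection is NEW; real conntrack may
# classify some flag combinations as INVALID instead.

SYN_MASK = {"SYN", "RST", "ACK", "FIN"}  # the flags that --syn examines


def is_syn(flags):
    """--syn: SYN set, with RST, ACK and FIN clear (other flags are ignored)."""
    return set(flags) & SYN_MASK == {"SYN"}


def verdict(pkt, tracked):
    """Return 'DROP' if the rule matches, else 'PASS' (falls to later rules)."""
    label, src, sport, dport, flags = pkt
    key = (src, sport, dport)
    state = "ESTABLISHED" if key in tracked else "NEW"
    if state == "NEW" and not is_syn(flags):
        return "DROP"   # no SYN and no known connection
    tracked.add(key)    # assumes later rules accept it, so the entry exists
    return "PASS"


def run(packets):
    tracked = set()
    return [(p[0], verdict(p, tracked)) for p in packets]


# Constructed sample traffic (documentation address ranges).
PACKETS = [
    ("http syn",      "192.0.2.10",   40000, 80, ["SYN"]),
    ("http ack",      "192.0.2.10",   40000, 80, ["ACK"]),
    ("http request",  "192.0.2.10",   40000, 80, ["PSH", "ACK"]),
    ("fin probe",     "198.51.100.7", 50001, 22, ["FIN"]),
    ("no-flag probe", "198.51.100.7", 50002, 22, []),
    ("ack probe",     "198.51.100.7", 50003, 22, ["ACK"]),
    ("syn probe",     "198.51.100.7", 50004, 22, ["SYN"]),
]

if __name__ == "__main__":
    for label, result in run(PACKETS):
        print(f"{label:14} {result}")
```

The SYN probe passes in this model: the rule only covers packets that open no connection and belong to none, so a plain SYN scan needs other rules.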