RE: [suse-security] how do I build iptable-protection for scanners like nmapMichael, Seems to me that ipchains equivalent to "! --syn" is "! -y", but wouldn't "iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP " drop ANY incoming connections from internet? This would even drop valid http requests, not just the stealth portscans. Thank you, Azman Salleh ----- Original Message ----- From: Paxton, Michael To: 'Azman Salleh' Sent: 28 May, 2003 11:41 AM Subject: RE: [suse-security] how do I build iptable-protection for scanners like nmap Hi Azman Basically it says: If you are not establishing a new connection (! --syn) and you are not an established connection (-m state --state NEW) drop the packet. The stateful side of things I dont think you can do with ipchains.. Michael

-----Original Message----- From: Azman Salleh [mailto:azmansal@nti.com.my] Sent: Wednesday, 28 May 2003 11:32 AM To: suse-security@suse.com Subject: Re: [suse-security] how do I build iptable-protection for scanners like nmap

Sounds like something I can adapt into my *ipchains* rules. But why use "!--syn -m state --state"? Anybody can explain?

Thank you, Azman Salleh ----- Original Message ----- From: "Πλαστήρας Αθανάσιος" To: Sent: 27 May, 2003 1:27 PM Subject: Re: [suse-security] how do I build iptable-protection for scanners like nmap

...

Good Mornning...

To Drop Stealth Scan like nmap you can use the following

rules in a simple

...

firewall with iptables:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "Stealth scan" iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Thanos...

Athanasios Plastiras Greece Athens

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here