----- Original Message -----
From: "Sigfred Håversen"
To:
Sent: Monday, May 26, 2003 11:43 PM
Subject: Re: [suse-security] how do I build iptable-protection for scanners
like nmap
: On Monday 26 May 2003 21:52, Arjen de Korte wrote:
: > On Monday 26 May 2003 21:03, Sigfred Håversen wrote:
: > > Just buying a cheap DSL router, and let it function as some kind of
: > > "personal firewall", will help many people alot against
: > > misconfigurations.
: >
: > I think most users with at least two brain cells can manage to set the
: > single configuration parameter of the personal firewall.
:
: You are talking out of your ass.
:
: > For modem, ISDN
: > and DSL connections, it requires one mouse click to 'Activate Firewall'.
: > Easy enough.
:
: One click? From Yast?
:
:
: /Sigfred
:
:
Good Mornning...
To Drop Stealth Scan like nmap you can use the following rules in a simple
firewall with iptables:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j
LOG --log-prefix "Stealth scan"
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Thanos...
Athanasios Plastiras
Greece
Athens