[Beds] IPTABLES
Stephen Elliott
techweb at ntlworld.com
Tue Feb 21 17:36:34 GMT 2006
Hi,
Does anyone know how I can block stealth scans with IPTABLES? I've put the
following in place but it does not catch nmap's -sS scan.
# TCP state checking table (tcp-state-flags)
# Detect bad TCP packets and pass them to (log-tcp-state), which logs and drops
# All of the bits are cleared
iptables -A tcp-state-flags -p tcp --tcp-flags ALL NONE -j log-tcp-state
# SYN and FIN are both set
iptables -A tcp-state-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j log-tcp-state
# SYN and RST are both set
iptables -A tcp-state-flags -p tcp --tcp-flags SYN,RST SYN,RST -j log-tcp-state
# FIN and RST are both set
iptables -A tcp-state-flags -p tcp --tcp-flags FIN,RST FIN,RST -j log-tcp-state
# FIN is set without the expected accompanying ACK
iptables -A tcp-state-flags -p tcp --tcp-flags ACK,FIN FIN -j log-tcp-state
# PSH is set without the expected accompanying ACK
iptables -A tcp-state-flags -p tcp --tcp-flags ACK,PSH PSH -j log-tcp-state
# URG is set without the expected accompanying ACK
iptables -A tcp-state-flags -p tcp --tcp-flags ACK,URG URG -j log-tcp-state
Cheers
Steve...
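The rules in the post above only match malformed flag combinations (NULL, Xmas, SYN+FIN, lone FIN and so on), which is why they catch nmap's -sN, -sF and -sX probes but not -sS: a SYN scan sends a plain SYN, which is byte-for-byte the first packet of any legitimate connect(). Nothing in the packet itself is bad, so it can only be recognised from context: a SYN arriving for a port with no listener, or one source touching many ports in a short time. The script below is an added example, not code from the original post or from the Beds list. apply_rules builds a stateful INPUT policy in which a bare SYN to a port that is not served is the scan indicator (logged with a rate limit, then dropped); detect_scanners reads the kernel LOG lines that rule writes and reports any source that probed at least a threshold number of distinct ports. Assumptions: the INPUT chain, the "SYN-SCAN: " log prefix, the port list, and an iptables with -m conntrack (on older boxes -m state --state is the equivalent); the log lines are constructed, not captured from a real host. Set IPTABLES=echo (or call dry_run_rules) to see the rules without root.

```shell
#!/bin/sh
# Added example, not code from the original post.
#  apply_rules     - stateful INPUT policy: a bare SYN to a port we do not serve
#                    is logged (rate-limited) and dropped.
#  detect_scanners - reads kernel LOG lines carrying our prefix and prints every
#                    source that probed at least THRESHOLD distinct ports.
# Assumed: chain INPUT, iptables with -m conntrack (older: -m state --state).
IPTABLES="${IPTABLES:-iptables}"
LOG_PREFIX="SYN-SCAN: "   # assumed prefix; detect_scanners keys on the same string

apply_rules() {
    # $@ = TCP ports that may accept new connections, e.g.: apply_rules 22 80
    $IPTABLES -P INPUT DROP
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Packets belonging to a tracked connection are fine whatever their flags.
    $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # A new TCP connection must open with SYN alone (--syn = SYN set, ACK/RST/FIN
    # clear). Anything else conntrack has never seen is a NULL/FIN/Xmas probe.
    $IPTABLES -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    for port in "$@"; do
        $IPTABLES -A INPUT -p tcp --dport "$port" --syn -j ACCEPT
    done
    # What is left is a SYN to a port we do not serve. nmap -sS sends exactly this
    # and per packet it is indistinguishable from a real connect(), so log it
    # (limited, so a fast scan cannot fill the disk) and drop it without a RST.
    # Note the limit means only the first probes of a fast scan reach the log.
    $IPTABLES -A INPUT -p tcp --syn -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
    $IPTABLES -A INPUT -p tcp --syn -j DROP
}

dry_run_rules() {
    # Print the rules instead of loading them (no root needed).
    ( IPTABLES=echo; apply_rules "$@" )
}

detect_scanners() {
    # $1 = threshold of distinct destination ports per source; log lines on stdin.
    awk -v thr="$1" -v pfx="$LOG_PREFIX" '
        index($0, pfx) == 0 { next }          # not one of our LOG lines
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # count each (source, port) pair once: a retransmitted SYN is not a new port
            if (src != "" && dpt != "" && !seen[src SUBSEP dpt]++) ports[src]++
        }
        END { for (s in ports) if (ports[s] >= thr) print s }
    ' | sort
}

sample_log() {
    # Constructed sample of what the LOG rule writes to the kernel log (not
    # captured from a real host). 192.0.2.10 walks five ports, one of them twice;
    # 203.0.113.7 hits one closed port once; the last line comes from a different
    # LOG rule and must be ignored even though it carries SRC= and DPT= fields.
    cat <<'EOF'
Feb 21 17:36:34 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=54321 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 21 17:36:34 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=2 PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 21 17:36:34 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=3 PROTO=TCP SPT=54321 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 21 17:36:34 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=4 PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 21 17:36:35 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=5 PROTO=TCP SPT=54321 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 21 17:36:35 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=6 PROTO=TCP SPT=54321 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 21 17:36:40 gw kernel: SYN-SCAN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=900 PROTO=TCP SPT=40000 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 21 17:36:41 gw kernel: BAD-FLAGS: IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=7 PROTO=TCP SPT=1234 DPT=22 WINDOW=0 RES=0x00 SYN FIN URGP=0
EOF
}

# Stand-alone run: show the generated rules, then the scanners in the sample log.
dry_run_rules 22 80
sample_log | detect_scanners 3
```

Dropping the SYN does not stop the scan; nmap simply reports the port as "filtered". What it buys is that the only SYNs left in the log are the ones to ports you do not serve, so a source with several distinct DPT values in a short window is a scanner and can be fed to whatever blocklist mechanism is in use.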