[Beds] IPTABLES

Mark beds.lug at mark-neale.net
Tue Feb 21 21:40:48 GMT 2006


On Tue, 2006-02-21 at 17:36 +0000, Stephen Elliott wrote:
> Hi,
> 
> Does anyone know how I can block stealth scans with IPTABLES? I've put the
> following in place but it does not catch nmap's -sS scan.
> 

Have a default policy of DROP?

The way I understand it, -sS sends packets with just the SYN flag set.
If you allow only those SYN (--state NEW) on authorised ports, and DROP
everything else, then you've done the job.

I don't understand the benefit of detecting all these specific cases ...
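
The approach described in the reply above (default DROP, accept only new SYNs on authorised ports), written out as an added example that is not part of the original message. The function name `gen_ruleset` and the ports 22 and 80 are assumptions chosen for illustration; the output is in iptables-restore format.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset implementing
# "default DROP, allow only new SYNs on authorised ports".
# gen_ruleset and the sample ports are hypothetical, not from the thread.

# gen_ruleset PORT...  prints the ruleset on stdout; returns 1 on a bad port.
gen_ruleset() {
    # Validate every port before emitting anything, so a typo can never
    # produce a half-written ruleset.
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    echo '*filter'
    # Default policy: anything not explicitly accepted below is dropped,
    # which covers FIN, NULL and Xmas probes without a rule for each.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback, and packets belonging to connections already tracked.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # New connections: only a pure SYN (--syn) to an authorised port.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p --syn -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Stand-alone use: sh thisfile --print 22 80 | iptables-restore   (as root)
if [ "${1:-}" = "--print" ]; then
    shift
    gen_ruleset "$@"
fi
```

A SYN to an authorised port looks the same as a real connection attempt, so those ports still answer a -sS scan; every other probe gets no reply.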



