next topic: --limit and --burst-limit

> >   From one tutorial, here are the lines that deal with
> > syn-flooding protection:
> > 
> >   iptables -N syn-flood
> >   iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> >   iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
> >   iptables -A syn-flood -j DROP

I've just been playing with that, too.

Well, I couldn't stop scans like
nmap -sS -P0 -T Insane ip.address -p 21,22,25,80

However, 'nmap -sS -P0 -T Polite ip.address' works fine with this --limit
specification above.

How am I going to stop something like that?



Thanks,
philipp
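
An added illustration, not part of the original message: a simplified Python model of the token bucket behind `-m limit --limit 1/s --limit-burst 4` in the quoted chain. It shows that the first four SYNs always match and RETURN however fast they arrive, and that everything beyond the burst is dropped until the bucket refills; the class and function names are hypothetical and the arrival times are constructed.

```python
# Simplified model of the iptables "limit" match (a token bucket).
# Assumption: the kernel tracks credit in finer-grained units; this model keeps
# only the behaviour that matters here: the bucket starts full, each matching
# packet spends one token, tokens refill at the --limit rate, and the bucket
# never holds more than --limit-burst tokens.

class LimitMatch:
    """Hypothetical stand-in for '-m limit --limit <rate>/s --limit-burst <burst>'."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s
        self.burst = burst
        self.tokens = float(burst)  # bucket starts full
        self.last = 0.0

    def matches(self, now):
        """True if the packet matches the limit rule (-j RETURN in the quoted chain)."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # no match: the packet falls through to the DROP rule


def run_chain(arrival_times, rate_per_s=1, burst=4):
    """Return one verdict per SYN for the quoted syn-flood chain.

    The bucket belongs to the rule, not to a source address, so SYNs from
    every sender draw on the same four tokens.
    """
    limit = LimitMatch(rate_per_s, burst)
    return ["RETURN" if limit.matches(t) else "DROP" for t in arrival_times]


# Constructed arrival times in seconds, not captured traffic.
FOUR_SYNS_AT_ONCE = [0.000, 0.001, 0.002, 0.003]   # fits inside the burst
TEN_SYNS_AT_ONCE = [i * 0.001 for i in range(10)]  # exceeds the burst
ONE_SYN_EVERY_2S = [i * 2.0 for i in range(6)]     # slower than --limit 1/s

if __name__ == "__main__":
    for name, times in [("4 at once", FOUR_SYNS_AT_ONCE),
                        ("10 at once", TEN_SYNS_AT_ONCE),
                        ("1 every 2 s", ONE_SYN_EVERY_2S)]:
        print(f"{name:12s} {run_chain(times)}")
```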


