On Wednesday 05 November 2003 2:44 pm, Leandro Takashi Hirano wrote:

> > 2. One packet per second will be ACCEPTed. What happens to the other
> > packets (and whether anything gets returned to the scanner) depends on
> > the other rules following this one in the chain.
>
> OK, one packet per second will be ACCEPTed, but aren't the other packets
> going to be DROPped?

As I said, that depends on what rules follow this one in the chain. You can DROP the packets, you can REJECT the packets - you can even ACCEPT them if you want to!

> > 3. The rule only applies to packets with RST set, and SYN, ACK, FIN
> > clear. Therefore it will influence the outcome of a RST port scan,
> > but have no effect on a FIN scan, or a SYN scan.
>
> Do I have also to create a rule for FIN scan and SYN scan?

If you want to block those types of scan, then yes.

> Do you have some port scanners rules to show me? (and other protection
> rules too)

Tell me what you want to do and I may be able to show you a rule which does it.

Personally I simply DROP all packets which I don't want to allow.

> > I think in order to answer your question we first need to know:
> >
> > - what response do you want someone to get when they attempt to port
> > scan your system?
>
> no answer....

Okay.

Antony.

--
I love deadlines. I love the whooshing noise they make as they go by.

 - Douglas Noel Adams

Please reply to the list; please don't CC me.
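
The two points made in this reply (packets over the limit fall through to whatever rule follows, and the flag test ignores FIN and SYN scans) can be seen in a toy model of first-match chain traversal. This is an added example, not code from the thread or from netfilter; the class and function names are hypothetical, the packet list is constructed, and a burst of 1 is assumed so that exactly one packet per second matches.

```python
# Added example: toy model of first-match rule traversal, not netfilter code.
MASK = frozenset({"SYN", "ACK", "FIN", "RST"})   # flags the rule examines
COMP = frozenset({"RST"})                        # of those, only RST may be set

class Limit:
    """Token bucket: refills at `rate` per second, holds at most `burst`."""
    def __init__(self, rate, burst=1):           # burst=1 is an assumption
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Rule:
    def __init__(self, target, mask=None, comp=None, limit=None):
        self.target, self.mask, self.comp, self.limit = target, mask, comp, limit

    def matches(self, flags, now):
        if self.mask is not None and (flags & self.mask) != self.comp:
            return False                         # wrong flags: limit not consulted
        return self.limit is None or self.limit.allow(now)

def traverse(chain, policy, flags, now):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(frozenset(flags), now):
            return rule.target
    return policy

# Constructed traffic: (time in seconds, TCP flags set on the packet).
PACKETS = [(0.0, {"RST"}), (0.1, {"RST"}), (0.2, {"RST"}),
           (0.3, {"FIN"}), (0.4, {"SYN"}), (1.3, {"RST"})]

def simulate(following_target):
    """Rate-limited RST rule followed by one catch-all rule."""
    chain = [Rule("ACCEPT", MASK, COMP, Limit(rate=1.0)),
             Rule(following_target)]
    return [traverse(chain, "ACCEPT", flags, t) for t, flags in PACKETS]

if __name__ == "__main__":
    for target in ("DROP", "REJECT", "ACCEPT"):
        print(target, simulate(target))
```

With a catch-all DROP after the limited rule, only the RST packets at 0.0 s and 1.3 s are accepted; the FIN and SYN packets never touch the limiter and are decided entirely by the following rule.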