In the interest of sharing.. I'ld like to show how I stop portscanning. Please take note about this and my method. It's for a NATed network on a home cable line. If you want to open services to the world they should preceed these lines. This is a very hard nosed way to stop portscanning and any other types of connections to your computer. Please note that you may want to add other protcols to the list as well if you use this method.. such as IGMP etc etc This does stop any and all of NMAPs cuurrent scans. # NMAP and Connection killer # # iptables -A INPUT -p tcp -i eth0 -m state --state NEW -j LOG iptables -A INPUT -p tcp -i eth0 -m state --state NEW,INVALID -j DROP iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # UDP Filters # #iptables -A INPUT -p udp -i eth0 -m state --state NEW,INVALID -j LOG iptables -A INPUT -p udp -i eth0 -m state --state NEW,INVALID -j DROP iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # ICMP Filtration # iptables -A INPUT -p icmp -i eth0 -m state --state NEW,INVALID -j DROP iptables -A INPUT -p icmp -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT SBlaze ===== In the absence of order there will be chaos. __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
