On Wed, 9 Jun 2004 08:43:08 -0700
Hudson Delbert J Contr 61 CS/SCBN <Delbert.Hudson@xxxxxxxxxxxxxxxxx> wrote:

> Why would one care about how many ports get scanned as long as your rulesets
> cover the ones you care about + other ports discovered as you go.
> as long as you CYA, it won't get sunburned.
>
> ~piranha
>
> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Raileanu
> Grigore
> Sent: Wednesday, June 09, 2004 3:32 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: port scan identification
>
>
> On Wed, 09 Jun 2004 11:33:59 +0200
> Rakotomandimby Mihamina <rktmb.list@xxxxxxxxxx> wrote:
>
> > Hello
> >
> > I try to set correctly up my firewall and would need your help on one
> > thing :
> >
> > I have this rule :
> > [...]
> > iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
> >   -j LOG --log-level debug --log-prefix 'p_scan_: '
> > [...]
> >
> > and I see this when I tail the output file :
> >
> > [...]
> > Jun 8 22:52:32 milina kernel: p_scan_: IN=ppp0 OUT= MAC=
> > SRC=81.220.171.201 DST=81.248.95.56 LEN=40 TOS=0x00 PREC=0x00 TTL=54
> > ID=45424 PROTO=TCP SPT=4391 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
> > [...]
> >
> > Well . According to me, a port scan is the action to scan _all_ the
> > ports ... why is the port scan identified as only scanning the 80th port
> > ? I mean, a port scan should not be on one port only ... isn't it ?
> >
> > --
> > Rakotomandimby Mihamina Andrianifaharana
> > Tel : +33 2 38 76 43 65
> > http://stko.dyndns.info/site_principal/Members/mihamina
> >
> >
>
> Try to use psd , from patch-o-matic patches.
>
> http://www.iptables.org/downloads.html#pomng-20040302
>
> You can create a rule like this:
>
> iptables -A INPUT -p ALL -m psd -j LOG --log-level DEBUG --log-prefix "PORTSCAN:"
>
> You can tune PSD accuracy, and other parameters.

Look at this:
http://www.iptables.org/patch-o-matic/pom-base.html#pom-base-psd

--
Best regards,
Raileanu Grigore
mail: grisha at unixro dot net
phone: +40 742759147
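
The question raised in the thread, one logged RST to port 80 versus an actual scan, can be checked against the log itself. The following is an added example, not part of any message in the thread and not a description of how psd works: it counts distinct destination ports per source inside a time window, over lines in the LOG format quoted above. The threshold, window, year and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fields taken from the iptables LOG line format quoted in the thread.
LINE_RE = re.compile(r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>\S+) "
                     r".*?\bDPT=(?P<dpt>\d+)")

def parse(line, year=2004):
    """Return (timestamp, source IP, destination port) or None.
    Syslog timestamps carry no year, so `year` is an assumption."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def find_scanners(lines, min_ports=10, window=timedelta(seconds=30)):
    """Map each source that touched >= min_ports distinct ports within
    `window` to the largest distinct-port count seen. Both limits are
    assumed values, not psd's defaults or its weighting scheme."""
    recent = defaultdict(list)          # src -> [(ts, dpt)] still in window
    flagged = {}
    for ev in filter(None, map(parse, lines)):
        ts, src, dpt = ev
        recent[src] = [(t, p) for t, p in recent[src] if ts - t <= window]
        recent[src].append((ts, dpt))
        ports = {p for _, p in recent[src]}
        if len(ports) >= min_ports:
            flagged[src] = max(len(ports), flagged.get(src, 0))
    return flagged

def sample_lines():
    """Constructed log lines (documentation-range addresses), in time order."""
    fmt = ("Jun  8 22:52:{sec:02d} fw kernel: p_scan_: IN=ppp0 OUT= MAC= "
           "SRC={src} DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=1 "
           "PROTO=TCP SPT=4391 DPT={dpt} WINDOW=0 RES=0x00 RST URGP=0")
    lines = [fmt.format(sec=s, src="203.0.113.9", dpt=80) for s in (1, 2, 3)]
    lines += [fmt.format(sec=10 + i, src="203.0.113.50", dpt=20 + i)
              for i in range(12)]       # 12 different ports in 12 seconds
    lines.append(fmt.format(sec=32, src="198.51.100.7", dpt=80))  # lone RST
    return lines

if __name__ == "__main__":
    for src, n in find_scanners(sample_lines()).items():
        print(f"{src}: {n} distinct ports inside the window")
```

Only the source that walks across twelve ports is reported; the repeated hits on port 80 and the single RST are not.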