RE: Preventing port scanning using iptables ?

If you set the policy of the INPUT and FORWARD chains to DROP and only allow connections to the ports you need from the IPs that need to access these ports, you're automagically protected against portscans. Iptables will drop all connections to ports you have not opened, and the scanner will not know anything about them. Any ports you have opened will be visible to scanners, of course.
 
-Sietse
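The default-deny ruleset Sietse describes, written out as an iptables-restore fragment. This is an added example, not code from the original mail or from the netfilter project; the admin network, the public ports and the SSH port are assumed placeholder values for illustration.

```shell
#!/bin/sh
# Added example: a default-DROP ruleset for INPUT and FORWARD, opening only
# the ports that are needed, some of them only to a specific source network.
# The values below are assumed placeholders, not taken from the original mail.
ADMIN_NET="192.0.2.0/24"   # assumed: the only network allowed to reach SSH
SSH_PORT="22"              # assumed
WEB_PORTS="80,443"         # assumed: services that must be reachable by anyone

# Print the ruleset in iptables-restore format. Nothing is applied here.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host started itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH only from the admin network; every other source is silently dropped.
-A INPUT -p tcp --dport ${SSH_PORT} -s ${ADMIN_NET} -m conntrack --ctstate NEW -j ACCEPT
# Public services: these ports will be visible to a scanner, as expected.
-A INPUT -p tcp -m multiport --dports ${WEB_PORTS} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Sanity check before applying: both chains must really default to DROP.
# Returns 0 when the generated ruleset sets DROP on INPUT and FORWARD.
verify_default_deny() {
    gen_ruleset | grep -q '^:INPUT DROP' && gen_ruleset | grep -q '^:FORWARD DROP'
}

# Number of rules that open ports to every source, as a quick review aid.
count_open_to_all() {
    gen_ruleset | grep -c -- '-A INPUT -p tcp -m multiport'
}

# Apply atomically with iptables-restore (needs root): ./fw.sh apply
if [ "${1:-}" = "apply" ]; then
    verify_default_deny || { echo "refusing to load: policy is not DROP" >&2; exit 1; }
    gen_ruleset | iptables-restore
fi
```

Loading the whole table through iptables-restore replaces the filter table in one step, so there is no window in which the policy is DROP but the ESTABLISHED rule is missing; after loading, `iptables -S INPUT` should begin with `-P INPUT DROP`.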

________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Ruprecht Helms
Sent: Sat 05-Aug-06 9:14
To: Elvir Kuric
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Preventing port scanning using iptables ?



Elvir Kuric schrieb:
> Hi all,
>  I am trying to implement a proper firewall for my
> network using iptables
> and I have to admit that I am amazed by the amount of
> iptables features
> it offers.
>  But I cannot understand: is there any way to prevent
> port scanning
> using iptables?

Yes, by checking the tcp-flags. The connections are not established,
because only the port is checked to see whether it is reachable.

Regards,
Ruprecht

-------------------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung
             let worktools be individual

Web: http://www.rheyn.de
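Ruprecht's suggestion of checking the tcp-flags, as an added example that is not his code or the netfilter project's: a user-defined chain that matches TCP flag combinations no legitimate client sends (no flags at all, FIN+PSH+URG, SYN with FIN or RST, a NEW connection that does not start with SYN), logs them at a limited rate and drops them. The chain name, log prefix and rate limit are assumed values.

```shell
#!/bin/sh
# Added example: an iptables-restore fragment defining a chain that drops
# packets whose TCP flag combinations are never produced by a real TCP stack.
# Chain name, log rate and prefix are assumed, not from the original thread.
CHAIN="TCP_FLAGS_CHECK"   # assumed chain name
LOG_RATE="5/min"          # assumed: keeps the log readable during a scan

# Print the chain definition; nothing is applied here.
gen_flag_chain() {
    cat <<EOF
*filter
:${CHAIN} - [0:0]
# No flags set at all: log (rate limited), then drop.
-A ${CHAIN} -p tcp --tcp-flags ALL NONE -m limit --limit ${LOG_RATE} -j LOG --log-prefix "FLAGS NULL: "
-A ${CHAIN} -p tcp --tcp-flags ALL NONE -j DROP
# FIN, PSH and URG together with nothing else: log, then drop.
-A ${CHAIN} -p tcp --tcp-flags ALL FIN,PSH,URG -m limit --limit ${LOG_RATE} -j LOG --log-prefix "FLAGS XMAS: "
-A ${CHAIN} -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# SYN combined with FIN or RST is never valid.
-A ${CHAIN} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A ${CHAIN} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# A new connection must begin with a bare SYN; anything else is not a handshake.
-A ${CHAIN} -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# Normal traffic continues in the calling chain.
-A ${CHAIN} -j RETURN
# Evaluate the chain before the rest of INPUT.
-I INPUT 1 -p tcp -j ${CHAIN}
COMMIT
EOF
}

# Number of flag patterns the chain rejects, as a review aid.
count_drop_rules() {
    gen_flag_chain | grep -c -- '-j DROP'
}

# Returns 0 if the chain also handles the "new connection without SYN" case,
# which is the one a default-deny ruleset does not already cover.
covers_non_syn_new() {
    gen_flag_chain | grep -q -- '! --syn -m conntrack --ctstate NEW -j DROP'
}

# Add the chain to the existing ruleset without flushing it (needs root):
#   ./flags.sh apply
if [ "${1:-}" = "apply" ]; then
    gen_flag_chain | iptables-restore --noflush
fi
```

The LOG entries carry the prefix, so a single `grep 'FLAGS ' /var/log/kern.log` shows which source addresses sent malformed flag combinations and when; the `-m limit` match keeps one scan from filling the log. Note that this only catches probes using odd flags: a plain SYN probe looks like a normal connection attempt and is handled by the default-deny policy from the earlier reply, not by this chain.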
