Re: Preventing port scanning using iptables ?

On 05.08.2006, at 15:41, Sietse van Zanen wrote:
> If you set the policy of the INPUT and FORWARD chains to DROP and only allow connection to ports you need from IPs that need to access these ports, you're automagically protected against portscans. Iptables will drop all connections to ports you have not opened, and the scanner will not know anything about them. Any ports you have opened will be visible to scanners of course.
Just for the record: there is a side effect to the dropping behaviour. While not exposing whether the port is open or closed, some scanners will conclude that there is a filter. If you want the scanner to think the ports are closed, you could send back a port unreachable packet (-j REJECT --reject-with icmp-port-unreachable).

Baltasar

--

Baltasar Cevc

_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen

_____ http://www.former03.de
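The two variants discussed in this thread (default-DROP with a short allow list, and REJECT so that unopened ports look closed instead of filtered), as an added example that is not part of either poster's message. It emits an iptables-restore ruleset from a shell function; the admin host 192.0.2.10 and the allowed ports (tcp/22 from that host, tcp/80 from anywhere) are constructed sample values. It goes slightly beyond the reply above in one respect: for TCP it uses --reject-with tcp-reset rather than icmp-port-unreachable, because a genuinely closed TCP port answers a SYN with RST, while ICMP port-unreachable is what a closed UDP port produces.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# with a default DROP policy on INPUT/FORWARD and a short allow list, and
# optionally a REJECT tail that answers unopened ports the way closed ports do.
#
# Constructed sample allowances (assumptions, replace with your own):
#   - tcp/22 only from the admin host ADMIN_HOST
#   - tcp/80 from anywhere
ADMIN_HOST="192.0.2.10"

# gen_ruleset MODE
#   MODE is "drop" (silent, scanners report "filtered") or
#   "reject" (answer like a closed port, scanners report "closed").
gen_ruleset() {
    mode="${1:-drop}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host initiated
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# the only services actually offered, each restricted to the sources that need it
-A INPUT -p tcp -s $ADMIN_HOST --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
EOF
    if [ "$mode" = "reject" ]; then
        # A closed TCP port answers SYN with RST, so tcp-reset is the
        # convincing reply for TCP; ICMP port-unreachable is what a closed
        # UDP port produces. Other protocols still fall through to the
        # DROP policy.
        echo "-A INPUT -p tcp -j REJECT --reject-with tcp-reset"
        echo "-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable"
    fi
    echo "COMMIT"
}

# Usage: sh ruleset.sh reject | sudo iptables-restore
gen_ruleset "${1:-drop}"
```

Lines beginning with `#` are ignored by iptables-restore, so the comments can stay in the emitted file. Note the trade-off: with REJECT the host still reveals that it is up and answering, it just stops looking filtered; with DROP a scanner spends its retransmit timeouts on every closed port, which is why the silent variant is usually preferred on Internet-facing hosts.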
