On 05.08.2006, at 15:41, Sietse van Zanen wrote:
If you set the policy of the INPUT and FORWARD chains to DROP and only
allow connection to ports you need from IP's that need to access these
ports, you're automagically protected against portscans. Iptables will
drop all connections to ports you have not opened, and the scanner
will not know anything about them. Any ports you have opened will be
visible to scanners of course.
Just for the record: there is a side effect to the dropping behaviour.
While not exposing whether the port is open or closed, some
scanners will conclude that there is a filter. If you want the scanner
to think the ports are closed, you could send back a port
unreachable packet (-j REJECT --reject-with icmp-port-unreachable).
Baltasar
--
Baltasar Cevc
_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen
_____ http://www.former03.de
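As an added example (not code from either poster), here is a POSIX shell function that emits an iptables-restore ruleset for the two behaviours discussed above: default-DROP policies on INPUT and FORWARD with explicit per-port, per-source ACCEPTs, and an optional trailing REJECT for everything else. The port and address values are constructed samples. One caveat for the REJECT variant: an ICMP port-unreachable makes a UDP port read as closed, but for TCP the "closed" signal is a RST, which `--reject-with tcp-reset` produces, so the function uses each for its own protocol.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset implementing the advice in the thread.
#   gen_ruleset MODE SPEC...
# MODE is "drop" (unopened ports silently dropped, scanners see "filtered")
# or "reject" (unopened ports answered, so they read as "closed").
# Each SPEC is proto:port:source, e.g. tcp:22:203.0.113.10 (sample values).
gen_ruleset() {
  mode="$1"; shift
  echo '*filter'
  # Default policies: nothing reaches INPUT/FORWARD unless explicitly allowed.
  echo ':INPUT DROP [0:0]'
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  # Loopback and replies to connections we initiated are always allowed.
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  # One ACCEPT per allowed service, restricted to the source that needs it.
  for spec in "$@"; do
    proto=${spec%%:*}; rest=${spec#*:}
    port=${rest%%:*};  src=${rest#*:}
    echo "-A INPUT -p $proto -s $src --dport $port -j ACCEPT"
  done
  if [ "$mode" = reject ]; then
    # Make unopened ports look closed rather than filtered:
    # TCP closed = RST, UDP closed = ICMP port unreachable.
    echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
    echo '-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable'
  fi
  # With mode "drop" the policy alone handles the rest (silent drop).
  echo 'COMMIT'
}

# Sample run; pipe the output into `iptables-restore` to apply it.
gen_ruleset reject tcp:22:203.0.113.10 udp:53:0.0.0.0/0
```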