|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] how do I build iptable-protection for scanners like nmap
From: Πλαστήρας Αθανάσιος (t.plastiras
gsis.gov.gr)
Date: Tue May 27 2003 - 00:27:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----- Original Message -----
From: "Sigfred Håversen" <suselistmumak.com>
To: <suse-securitysuse.com>
Sent: Monday, May 26, 2003 11:43 PM
Subject: Re: [suse-security] how do I build iptable-protection for scanners
like nmap
: On Monday 26 May 2003 21:52, Arjen de Korte wrote:
: > On Monday 26 May 2003 21:03, Sigfred Håversen wrote:
: > > Just buying a cheap DSL router, and let it function as some kind of
: > > "personal firewall", will help many people alot against
: > > misconfigurations.
: >
: > I think most users with at least two brain cells can manage to set the
: > single configuration parameter of the personal firewall.
:
: You are talking out of your ass.
:
: > For modem, ISDN
: > and DSL connections, it requires one mouse click to 'Activate Firewall'.
: > Easy enough.
:
: One click? From Yast?
:
:
: /Sigfred
:
:
Good Mornning...
To Drop Stealth Scan like nmap you can use the following rules in a simple
firewall with iptables:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j
LOG --log-prefix "Stealth scan"
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Thanos...
Athanasios Plastiras
Greece
Athens
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]