
Re: [suse-security] how do I build iptable-protection for scanners like nmap



On Monday 26 May 2003 18:01, Ruprecht Helms wrote:
> Hi,
>
> how do I write an iptables rule to protect my box against portscanning
> with tools like nmap.
>
> Regards,
> Ruprecht

You can make it more difficult for them, forcing them to spend more time 
scanning ports and making the results of the port scan less clear. This might 
not always be possible, of course.

If you offer public services (like a web server), a firewall won't protect you 
much against exploits against the web server. A script kiddie wanting to use 
an SSL exploit on an Apache server might just scan for ports 80/443, and if 
you offer those services to the public, there is not much to do about the scan 
as such.

The author of the book "Linux Firewalls 2nd ed" has a website 
http://linux-firewall-tools.com/linux/  where you may find the iptables rules 
he used in his book, as well as links to other resources. In his scripts 
you'll find example rules to stop common types of "stealth scans" with 
iptables.

One place to put such rules in SuSEfirewall2 is the file 
/etc/sysconfig/scripts/SuSEfirewall2-custom, at least to have some logging 
of scans as such.

Cheers,
Sigfred.
