[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] how do I build iptable-protection for scanners like nmap
On Monday 26 May 2003 18:01, Ruprecht Helms wrote:
> how have I to write a iptablerule to protect my box against portscanning
> with tools like nmap.
You can make it more difficult for them, forcing them to use more time
scanning ports, making the results of the port scan less clear. Might not
always be possible of course.
If you offer public services (like web server), a firewall won't protect you
much against exploits against the web server. A script kiddie wanting to use
a SSL exploit on an Apache server, might just scan for port 80/443, and if
you offer those services to the public, not much todo about the scan as such.
The author of the book "Linux Firewalls 2nd ed" has a website
http://linux-firewall-tools.com/linux/ where you may find the iptable rules
he used in his book, as well as links to other resources. In his scripts
you'll find example rules to stop common type of "stealth scans" for
One place to put such rules in SuSEfirewall2 is in the file
/etc/sysconfig/scripts/SuSEfirewall2-custom, at least too have some logging
of scannings as such.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here