Security Basics mailing list archives
Re: Iptables Clues and Advices.
From: "Anduine Crow" <anduine () hotmail com>
Date: Wed, 09 Apr 2003 17:43:27 +0000
I'd like to back up the claim that "a legitimate user shall know which services are provided, and hence, make connects to normally open ports". I've been using -j DROP since the old days of ipfwadm without having a single "Legitimate" user complain. In addition, I add these rules at the very end of my iptables script just to confuse scanners (using -I makes these the very first rules the kernel evaluates):

$IPTABLES -I INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags
$IPTABLES -I INPUT -p tcp --tcp-flags ALL ALL -j badflags
$IPTABLES -I INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags
$IPTABLES -I INPUT -p tcp --tcp-flags ALL NONE -j badflags
$IPTABLES -I INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j badflags
$IPTABLES -I INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL ALL -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL NONE -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags

Where "badflags" is:

$IPTABLES -N badflags
$IPTABLES -A badflags -m limit --limit 15/minute -j LOG --log-prefix "Badflags: "
$IPTABLES -A badflags -j DROP

my $.02
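The following is an added example, not part of the original message: it models the mask/compare test that `--tcp-flags` performs for the six rules above and tallies "Badflags: " log hits per source address. The function names are hypothetical, the log lines are constructed, and the line layout assumed is the standard kernel LOG target format.

```python
import re
from collections import Counter

# iptables expands "ALL" to these six flags.
ALL = frozenset({"FIN", "SYN", "RST", "PSH", "ACK", "URG"})

# (mask, comp) pairs copied from the rules in the message above.
RULES = [
    (ALL, {"FIN", "URG", "PSH"}),
    (ALL, set(ALL)),
    (ALL, {"SYN", "RST", "ACK", "FIN", "URG"}),
    (ALL, set()),                       # "ALL NONE": no flags set at all
    ({"SYN", "RST"}, {"SYN", "RST"}),
    ({"SYN", "FIN"}, {"SYN", "FIN"}),
]

def matching_rules(flags):
    """Indexes of RULES hit: the flags inside mask must equal comp exactly."""
    flags = set(flags)
    return [i for i, (mask, comp) in enumerate(RULES) if flags & mask == comp]

# Pulls SRC and the flag words that the LOG target prints between RES= and URGP=.
LOG_RE = re.compile(
    r"Badflags: .*?SRC=(\S+) .*?PROTO=TCP .*?RES=0x[0-9a-f]{2} (.*?)URGP=")

def tally(lines):
    """Count 'Badflags: ' hits per source address, skipping unrelated lines."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and matching_rules(f for f in m.group(2).split() if f in ALL):
            hits[m.group(1)] += 1
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
_HDR = "Apr  9 17:40:0{n} fw kernel: Badflags: IN=eth0 OUT= MAC= SRC={src} "
_TCP = "DST=198.51.100.5 LEN=40 TTL=52 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 "
SAMPLE_LOG = [
    _HDR.format(n=1, src="192.0.2.10") + _TCP + "URG PSH FIN URGP=0",
    _HDR.format(n=2, src="192.0.2.10") + _TCP + "URGP=0",
    _HDR.format(n=3, src="203.0.113.7") + _TCP + "SYN FIN URGP=0",
    "Apr  9 17:40:04 fw sshd[411]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for src, count in tally(SAMPLE_LOG).most_common():
        print(src, count)
```

Because the LOG rule is limited to 15 entries per minute, these counts are a lower bound on what the DROP rule actually discarded.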