Security Basics mailing list archives

Re: Iptables Clues and Advices.


From: "Anduine Crow" <anduine () hotmail com>
Date: Wed, 09 Apr 2003 17:43:27 +0000

I'd like to back up the claim that "a legitimate user shall know which
services are provided, and hence, make connects to normally open ports"

I've been using -j DROP since the old days of ipfwadm without having a single "Legitimate" user complain. In addition, I add these rules at the very end of my iptables script just to confuse scanners (using -I makes these the very first rules the kernel evaluates):

# --tcp-flags MASK COMP: of the bits in MASK, exactly those in COMP must be set
$IPTABLES -I INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags          # FIN+URG+PSH only ("XMAS")
$IPTABLES -I INPUT -p tcp --tcp-flags ALL ALL -j badflags                  # every flag set
$IPTABLES -I INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags  # every flag except PSH
$IPTABLES -I INPUT -p tcp --tcp-flags ALL NONE -j badflags                 # no flags at all ("NULL")
$IPTABLES -I INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j badflags          # SYN and RST together
$IPTABLES -I INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags          # SYN and FIN together
# same checks for traffic being forwarded through the box
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL ALL -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags ALL NONE -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j badflags
$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags

Where "badflags" is:

$IPTABLES -N badflags   # create the user chain (must exist before rules jump to it)
$IPTABLES -A badflags -m limit --limit 15/minute -j LOG --log-prefix "Badflags: "   # rate-limited log entry
$IPTABLES -A badflags -j DROP   # silently discard, whether or not it was logged

my $.02
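As an added example (not the poster's code and not part of the original message), here is a small Python model of what those rules actually match and how the rate-limited LOG behaves. It implements the iptables `--tcp-flags MASK COMP` test as `(flags & MASK) == COMP`, runs a set of constructed packets through the six rules, and approximates `-m limit --limit 15/minute` with iptables' default burst of 5 as a token bucket. The sample packets, the `LimitLogger` class and the `classify` function are assumptions of this example, not anything from the post.

```python
# Added example, not code from the original post: a model of what the poster's
# --tcp-flags rules match and how the rate-limited LOG behaves.
# iptables "--tcp-flags MASK COMP" matches when (packet_flags & MASK) == COMP.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = sum(TCP_FLAGS.values())  # iptables keyword ALL


def parse_flags(spec):
    """Turn an iptables flag list ("SYN,FIN", "ALL", "NONE") into a bitmask."""
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    mask = 0
    for name in spec.split(","):
        mask |= TCP_FLAGS[name]
    return mask


# (MASK, COMP) pairs in the order they appear in the post's script. Each -I
# prepends, so the kernel evaluates them in reverse; since every rule jumps to
# the same chain, the verdict does not depend on the order.
BADFLAGS_RULES = [
    ("ALL", "FIN,URG,PSH"),          # FIN+URG+PSH and nothing else ("XMAS")
    ("ALL", "ALL"),                  # every flag set
    ("ALL", "SYN,RST,ACK,FIN,URG"),  # every flag except PSH
    ("ALL", "NONE"),                 # no flags at all ("NULL")
    ("SYN,RST", "SYN,RST"),          # SYN and RST together, other bits ignored
    ("SYN,FIN", "SYN,FIN"),          # SYN and FIN together, other bits ignored
]


def tcp_flags_match(packet_flags, mask_spec, comp_spec):
    """The --tcp-flags test: look only at the bits in MASK, require them to equal COMP."""
    return (packet_flags & parse_flags(mask_spec)) == parse_flags(comp_spec)


def matching_rule(packet_flags):
    """First (MASK, COMP) rule in BADFLAGS_RULES the packet hits, or None."""
    for mask_spec, comp_spec in BADFLAGS_RULES:
        if tcp_flags_match(packet_flags, mask_spec, comp_spec):
            return (mask_spec, comp_spec)
    return None


class LimitLogger:
    """Approximation (assumed model) of '-m limit --limit 15/minute' with the
    default --limit-burst of 5: a token bucket that starts full and refills one
    token every 60/15 = 4 seconds. The LOG rule fires only when a token is
    available; the packet is dropped by the following rule either way."""

    def __init__(self, rate_per_minute=15, burst=5):
        self.interval = 60.0 / rate_per_minute
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def should_log(self, now):
        if self.last is not None:
            self.tokens = min(self.burst,
                              self.tokens + (now - self.last) / self.interval)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


# Constructed sample packets: (label, flags written in iptables syntax).
SAMPLE_PACKETS = [
    ("plain SYN", "SYN"),
    ("SYN/ACK reply", "SYN,ACK"),
    ("established data", "PSH,ACK"),
    ("XMAS", "FIN,URG,PSH"),
    ("NULL", "NONE"),
    ("SYN+FIN", "SYN,FIN"),
    ("SYN+RST", "SYN,RST"),
    ("all flags", "ALL"),
]


def classify(packets=SAMPLE_PACKETS, start=0.0):
    """Run each packet through the rules; returns (label, verdict, rule, logged).
    All sample packets arrive at the same instant so the burst limit is visible."""
    logger = LimitLogger()
    results = []
    for label, spec in packets:
        rule = matching_rule(parse_flags(spec))
        if rule is None:
            results.append((label, "continue", None, False))
        else:
            results.append((label, "DROP", rule, logger.should_log(start)))
    return results


if __name__ == "__main__":
    for label, verdict, rule, logged in classify():
        print(f"{label:18} {verdict:8} rule={rule} logged={logged}")
```

Two things the model makes visible: the `ALL` mask rules only match an exact flag combination (FIN+URG+PSH+ACK falls through all six rules), whereas the `SYN,RST` and `SYN,FIN` masks ignore the other bits; and once the five-token burst is spent, further hits in the same second are dropped without a log line, so a quiet log does not mean the chain is idle.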



