Security Basics mailing list archives
nmap scan eats the bandwidth !!
From: "J. Bakshi" <bakshi12 () gmail com>
Date: Sat, 22 Aug 2009 10:55:53 +0530
Dear list,

An nmap scan, `nmap -P0 -vvv <server IP>`, makes my server connection super slow!!! I have the following iptables rule sets to cope with port scanners:

`````````
#explicitly disable ECN
if [ -e /proc/sys/net/ipv4/tcp_ecn ]
then
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi

## SYN-FLOODING PROTECTION
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP

## Make sure NEW tcp connections are SYN packets
iptables -A INPUT -i $IFACE -p tcp ! --syn -m state --state NEW -j DROP

## FRAGMENTS
iptables -A INPUT -i $IFACE -f -j LOG --log-prefix "IPTABLES FRAGMENTS: "
iptables -A INPUT -i $IFACE -f -j DROP

#XMAS packets
#Incoming malformed XMAS packets. Drop them:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

#Drop all NULL packets
#Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

#block commonly used port-scanning technique.
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG \
    --log-prefix "NMAP-XMAS SCAN:" --log-tcp-options --log-ip-options
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j LOG \
    --log-prefix "NMAP-NULL SCAN:" --log-tcp-options --log-ip-options
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j LOG \
    --log-prefix "SYN/RST SCAN:" --log-tcp-options --log-ip-options
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG \
    --log-prefix "SYN/FIN SCAN:" --log-tcp-options --log-ip-options
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

#XMAS packets
#Incoming malformed XMAS packets. Drop them:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

#Drop all NULL packets
#Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

## malformed packets
iptables -A INPUT -i $IFACE -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -i $IFACE -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -i $IFACE -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i $IFACE -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -i $IFACE -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -i $IFACE -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
````````````````

Now whenever I run nmap against that server from my local box, Apache, email etc. have become very, very, very slow. Obviously nmap takes a looong time to discover the open ports, but the bandwidth penalty on the server is really not acceptable. Why is this happening? What else do I need to fight port scanners and keep the bandwidth normal against these types of scans? Please enlighten me.

Thanks
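The symptom in the post above, modelled as an added example (this is not code from the original message, from nmap or from netfilter): the syn-flood chain applies `-m limit --limit 1/s --limit-burst 4` to every inbound SYN through one shared bucket, so as soon as a scanner sends SYNs faster than one per second the bucket stays empty and the SYNs of every other client to Apache or the mail server are dropped along with the scanner's. A client whose SYN is dropped only retries after its SYN retransmit timeout, which is on the order of seconds, and that is what "very slow" looks like from the browser or mail client. The Python below runs a constructed trace (the addresses, rates and durations are assumptions) through a token-bucket model of `-m limit`, and then through the same bucket keyed per source address, which is what `-m hashlimit --hashlimit-mode srcip` provides. The bucket is a simplified model of the kernel match, not a reimplementation of it.

```python
"""Added example (not from the original post): a token-bucket model of
iptables' `-m limit` match, used to show why one global SYN limit
(`--limit 1/s --limit-burst 4` on every inbound SYN) lets a single port
scanner starve every other client of new connections, and why keying the
bucket per source address (what `-m hashlimit --hashlimit-mode srcip` does)
does not.

The trace below is constructed; the bucket is a simplified model of the
kernel's limit/hashlimit matches, not a reimplementation of them.
"""
from collections import defaultdict
from fractions import Fraction


class TokenBucket:
    """Model of `--limit RATE --limit-burst BURST`.

    The bucket starts full with BURST tokens and refills continuously at RATE
    tokens per second; a packet is allowed only if a whole token is available.
    Exact rational arithmetic avoids float drift at the 1.0-token boundary.
    """

    def __init__(self, rate_per_s, burst):
        self.rate = Fraction(rate_per_s)
        self.burst = Fraction(burst)
        self.tokens = self.burst
        self.last = Fraction(0)

    def allow(self, now):
        now = Fraction(now)
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def syn_trace():
    """Constructed trace of (time_s, src_ip) SYN arrivals, sorted by time.

    - 203.0.113.9 is a port scanner sending 200 SYNs/s for 20 s (4000 SYNs),
      roughly what a connect/SYN scan of the common ports looks like.
    - 198.51.100.7 is a legitimate client opening one connection to the web
      server every 2 s during the scan (10 SYNs).
    Addresses and rates are assumptions, not taken from the post.
    """
    scanner = [(Fraction(i, 200), "203.0.113.9") for i in range(200 * 20)]
    client = [(Fraction(3, 2) + 2 * k, "198.51.100.7") for k in range(10)]
    # sorted() is stable: at equal timestamps the scanner's packet comes first.
    return sorted(scanner + client, key=lambda e: e[0])


def apply_limit(trace, rate_per_s, burst, per_source):
    """Run the trace through the limit. Returns {src: (sent, passed)}.

    per_source=False: one shared bucket, like
        `-A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN`
    per_source=True:  one bucket per source IP, like
        `-m hashlimit --hashlimit-upto 1/s --hashlimit-burst 4 --hashlimit-mode srcip`
    """
    buckets = defaultdict(lambda: TokenBucket(rate_per_s, burst))
    stats = defaultdict(lambda: [0, 0])
    for now, src in trace:
        key = src if per_source else "*"  # "*" = the single shared bucket
        stats[src][0] += 1
        if buckets[key].allow(now):
            stats[src][1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def compare(rate_per_s=1, burst=4):
    """Same trace, same rate and burst, shared bucket vs per-source buckets."""
    trace = syn_trace()
    return {
        "global": apply_limit(trace, rate_per_s, burst, per_source=False),
        "per_source": apply_limit(trace, rate_per_s, burst, per_source=True),
    }


if __name__ == "__main__":
    for policy, result in compare().items():
        print(f"{policy}:")
        for src, (sent, passed) in sorted(result.items()):
            print(f"  {src:>14}: {passed:>4}/{sent} SYNs accepted")
```

With the shared bucket the scanner gets the 4-packet burst plus one SYN per second and the legitimate client gets nothing at all (0 of 10 SYNs accepted), because the scanner's next packet always arrives before the client's and takes the token. With per-source buckets the scanner is still held to the same 23 of 4000, while the client's 10 SYNs all pass. The corresponding rule uses only real hashlimit options, e.g. `-m hashlimit --hashlimit-upto 1/s --hashlimit-burst 4 --hashlimit-mode srcip --hashlimit-name syn -j RETURN` in place of the `-m limit` line (the rate and burst are illustrative; pick them to fit your real connection rate). The caveat a practitioner should keep in mind is that a per-source limit only isolates a scanner that uses its own address; spoofed-source SYN floods are a different problem, for which SYN cookies (`net.ipv4.tcp_syncookies`) rather than rate limiting are the usual answer.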
Current thread:
- nmap scan eats the bandwidth !! J. Bakshi (Aug 25)
- Re: nmap scan eats the bandwidth !! Nelu Tand (Aug 26)