Firewall Wizards mailing list archives

Re: Iptables doesn't block SYN-FIN packets?


From: Dave Watkins <firewallwizards () snorks dyndns org>
Date: Fri, 01 Feb 2002 18:00:46 +1300

Try this

iptables -A INPUT -i $EXT_IFACE -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

Obviously change $EXT_IFACE and set to DROP.

At 10:42 31/01/2002 -0600, Ascent - Compton, Richard wrote:
Hello,
I'm running an iptables firewall and I thought that everything was well but
my snort logs are recording SYN-FIN portscans getting through.
I have two questions:
Is anyone here familiar with the problem of iptables not blocking SYN-FIN
packets?
Nmap doesn't seem to do SYN-FIN scans. Is there a portscanner that you guys
know about that I could use to test the effectiveness of my firewall?

Thanks,
Rich Compton
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

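Before loading a `--tcp-flags <mask> <comp>` rule, it is worth checking which flag combinations it actually catches. The following is an added example, not code from either poster: a small Python model of the iptables match, which is `(packet_flags & mask) == comp`, run over a constructed set of flag combinations and a constructed chain of drop rules for illegal combinations. The flag bit values are the real TCP header bits; the sample packets and rule list are assumptions for illustration.

```python
# Model of iptables' --tcp-flags <mask> <comp> match: a packet matches when
# (flags & mask) == comp. Bit values are those of the TCP header flags byte.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_flags(spec):
    """Turn an iptables flag list such as 'SYN,FIN', 'ALL' or 'NONE' into a bitmask."""
    spec = spec.strip().upper()
    if spec == "NONE":
        return 0
    if spec == "ALL":
        return sum(TCP_FLAGS.values())
    bits = 0
    for name in spec.split(","):
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag {name!r}")
        bits |= TCP_FLAGS[name]
    return bits


def tcp_flags_match(mask_spec, comp_spec, packet_flags):
    """True if a packet carrying packet_flags matches --tcp-flags mask_spec comp_spec."""
    mask, comp = parse_flags(mask_spec), parse_flags(comp_spec)
    if comp & ~mask:
        raise ValueError("comp flags must be a subset of the mask flags")
    return (parse_flags(packet_flags) & mask) == comp


# Constructed sample packets: a normal handshake, a bare reset, and the
# illegal combinations (SYN-FIN, XMAS, NULL) that scanners are known for.
SAMPLE_PACKETS = ["SYN", "SYN,ACK", "RST", "SYN,FIN", "FIN,PSH,URG", "NONE"]


def matching_packets(mask_spec, comp_spec, packets=SAMPLE_PACKETS):
    """List the sample packets a single --tcp-flags rule would match."""
    return [p for p in packets if tcp_flags_match(mask_spec, comp_spec, p)]


# Constructed rule chain (mask, comp, target), walked in order like an
# iptables chain: the first matching rule decides the packet's fate.
BOGUS_FLAG_RULES = [
    ("SYN,FIN", "SYN,FIN", "DROP"),   # SYN and FIN never belong together
    ("SYN,RST", "SYN,RST", "DROP"),
    ("ALL", "NONE", "DROP"),          # NULL scan
    ("ALL", "ALL", "DROP"),           # every flag set
    ("FIN,ACK", "FIN", "DROP"),       # FIN without ACK (XMAS/FIN scans)
]


def chain_verdict(packet_flags, rules=BOGUS_FLAG_RULES, policy="ACCEPT"):
    """Verdict the constructed chain gives a packet, falling back to the chain policy."""
    for mask, comp, target in rules:
        if tcp_flags_match(mask, comp, packet_flags):
            return target
    return policy
```

Running `matching_packets` over the rule from the post above and over `--tcp-flags SYN,FIN SYN,FIN` side by side shows which of the two catches a SYN-FIN packet, and `chain_verdict` lets you dry-run a whole set of flag rules against your Snort-logged combinations before touching the live firewall.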