Defeat port scans
# All rules use the mangle table: current iptables refuses the DROP target in the nat table.
NULL scan (check ALL flags, NONE must be set to match)
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
NMAP FIN/URG/PSH (Xmas scan)
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
SYN/RST Scan (check SYN and RST, both must be set to match)
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
SYN/FIN Scan and FIN Scan
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN -j DROP
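Added example, not from the original page: a small Python model of the `--tcp-flags MASK COMP` match, used to check which flag combinations the rules above drop and that ordinary handshake and teardown packets are not matched. The function names and the sample flag sets are constructed for illustration.

```python
# Model of iptables "--tcp-flags MASK COMP": a packet matches when, among the
# flags named in MASK, exactly the flags named in COMP are set.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = sum(FLAGS.values())  # iptables "ALL" = FIN,SYN,RST,PSH,ACK,URG


def bits(spec):
    """Turn 'SYN,RST', 'ALL' or 'NONE' into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    return sum(FLAGS[name] for name in spec.split(","))


# (label, mask, comp) taken from the rules on this page, in the same order.
RULES = [
    ("NULL scan", "ALL", "NONE"),
    ("Xmas scan", "ALL", "FIN,URG,PSH"),
    ("SYN/RST scan", "SYN,RST", "SYN,RST"),
    ("SYN/FIN scan", "SYN,FIN", "SYN,FIN"),
    ("FIN scan", "ALL", "FIN"),
]


def first_match(packet_flags):
    """Return the label of the first rule that would DROP the packet, else None."""
    value = bits(packet_flags)
    for label, mask, comp in RULES:
        # Only bits inside the mask are examined; they must equal comp exactly.
        if value & bits(mask) == bits(comp):
            return label
    return None


# Constructed sample flag combinations (not captured traffic).
SAMPLES = ["NONE", "FIN,URG,PSH", "SYN,RST", "SYN,FIN", "FIN",
           "SYN", "SYN,ACK", "ACK", "PSH,ACK", "FIN,ACK", "RST", "RST,ACK"]

if __name__ == "__main__":
    for flags in SAMPLES:
        print(f"{flags:12} -> {first_match(flags) or 'not matched by these rules'}")
```

Because the `ALL FIN` rule compares all six flags, a normal connection close (FIN together with ACK) is not matched, while the `SYN,RST` and `SYN,FIN` rules match regardless of any other flags in the packet.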