10 iptables rules to help secure your Linux box
Feb 20, 2009, 15:31
(Other stories by Jack Wallen)
"8: iptables -N port-scan
"This is the beginning of a rule to block furtive port scanning. A furtive port scan is a scan that detects closed ports to deduce open ports. Two more lines are needed to complete this rule:
"iptables -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A port-scan -j DROP
"Notice that the above rule set is adding a new chain called "port-scan". You don't have to name it such; it's just easier to keep things organized. You can also add timeouts to the above rule set like so:
"iptables -A specific-rule-set -p tcp --syn -j syn-flood
iptables -A specific-rule-set -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
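The excerpt shows the port-scan chain and the jump into it as loose lines; the script below is an added example, not code from the quoted article, that puts them together as a small install/remove script. It assumes an IPT variable (set to "iptables" by default, or to "echo iptables" to print the commands for review instead of applying them), hooks the chain into INPUT rather than the article's placeholder "specific-rule-set" chain, and leaves the syn-flood chain mentioned in the excerpt alone, since the article does not define it here.

```shell
#!/bin/sh
# Added example (not from the quoted article): build the "port-scan" chain and
# wire it into a real ruleset. IPT is an assumed variable: leave it as
# "iptables" to apply the rules (needs root), or run with IPT="echo iptables"
# to print the commands instead of changing the kernel's tables.
IPT="${IPT:-iptables}"

# Create the user-defined port-scan chain (flush it if it already exists) and
# load the two rules from the article.
build_port_scan_chain() {
    $IPT -N port-scan 2>/dev/null || $IPT -F port-scan
    # Packets with only RST set among SYN/ACK/FIN/RST (the closed-port reply
    # pattern a furtive scan provokes) may RETURN to the calling chain at most
    # once per second (the limit match's default burst is 5) ...
    $IPT -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
         -m limit --limit 1/s -j RETURN
    # ... and everything above that rate is dropped.
    $IPT -A port-scan -j DROP
}

# Divert matching packets from a parent chain into port-scan. The article
# uses "specific-rule-set" as the parent; INPUT is assumed here. Only
# RST-only packets are diverted, so normal traffic never hits the rate limit.
hook_port_scan_chain() {
    parent="${1:-INPUT}"
    $IPT -A "$parent" -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
}

# Show the chain with packet and byte counters so the effect can be watched.
show_port_scan_chain() {
    $IPT -L port-scan -n -v
}

# Undo in reverse order: remove the hook, flush the chain, delete the chain.
remove_port_scan_chain() {
    parent="${1:-INPUT}"
    $IPT -D "$parent" -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
    $IPT -F port-scan
    $IPT -X port-scan
}

# Usage:   sh port-scan-chain.sh install     (or: remove)
# Preview: IPT="echo iptables" sh port-scan-chain.sh install
case "${1:-}" in
    install) build_port_scan_chain; hook_port_scan_chain INPUT; show_port_scan_chain ;;
    remove)  remove_port_scan_chain INPUT ;;
esac
```

Review the output of the echo form before applying: the RETURN rule's default burst means the first five RST-only packets pass through regardless of rate, and the DROP rule only ever sees packets that were diverted into the chain, so it cannot affect other traffic on the parent chain.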
Related Stories:
- 5 Best Linux/BSD Firewall Tools (Dec 17, 2008)
- Security: A Low Intensity, Distributed Bruteforce Attempt (Dec 02, 2008)
- Blocking Zombie Spam Netblocks (Dec 01, 2008)
- Video: Mastering IPTables, Final Installment (Nov 05, 2008)
- Video: Mastering Iptables, Part 2 (Oct 19, 2008)
- Video: Mastering IPTables, Part I (Oct 08, 2008)
- Set up Your Firewall With Firewall Builder (Aug 14, 2008)
- psad: Linux Detect And Block Port Scan Attacks In Real Time (Aug 12, 2008)