Need iptables rule for nmap pp test

gprathap1121@gmail.com · 09-01-2014, 11:46 PM

nmap PP test shows that host is up;

Do we have any iptables rules for port scanning, to block the host MAC and status of the host on to linux server where the DoS attack is made?

unSpawn · 09-06-2014, 03:33 AM

Quote:

Originally Posted by gprathap1121@gmail.com

Do we have any iptables rules for port scanning,

No, but there's tools like iptables "-m limit", mod_security, fail2ban, Snort, PSAD. (Don't use PortSentry though.)
And please don't focus on port scanning but on regular maintenenance, hardening and auditing.

Quote:

Originally Posted by gprathap1121@gmail.com

to block the host MAC and

MAC addresses don't leave the LAN so that won't work.

Quote:

Originally Posted by gprathap1121@gmail.com

status of the host

What do you mean?

Quote:

Originally Posted by gprathap1121@gmail.com

on to linux server where the DoS attack is made?

Please provide details of that or talk to your upstream provider.

gprathap1121@gmail.com · 09-08-2014, 07:18 AM

When below nmap port scanning is started on the DUT.
sudo nmap -v -PP de.vi.ce.ip -oN nmaplog.txt

It shows that the device is UP and running.

Output of the nmap test:
Nmap scan report for 169.27.182.54
Host is up (0.00084s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
5555/tcp open freeciv
MAC Address: F0

E:42:67:31

C (Unknown)

Read data files from: /usr/share/nmap

My query is, can we block the device host status using iptables netfilter rules?

unSpawn · 09-08-2014, 12:13 PM

See 'man nmap', the "Host Discovery" part about which techniques nmap uses for discovery?