LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 10-08-2012, 03:44 AM   #1
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Which is the best practice to block nmap scans on my server, using iptables or puffy?


Hi,

I read O'Reilly's Network Security Hacks. The document mentions that nmap scanning of a server is a security vulnerability.

So I'm trying to block nmap scanning on my server. I just want to know which is the best method everybody is using to block nmap scans on their server.

I have found two methods to block nmap scans: the iptables method and the puffy method. I need advice from a security expert on which method is the better practice to follow.

This is the pf.conf file I am currently using. Currently I am completely unaware of what the following settings, which I have pasted from my /etc/pf.conf, do. But it seems to work fine on the development machine.

Before moving to production I just seek expert advice on whether the following settings cause any problem on the development server.


vi /etc/pf.conf

# Blocked packets get a TCP RST / ICMP unreachable reply instead of being dropped silently
set block-policy return

# Drop inbound TCP packets carrying flag combinations no legitimate connection uses.
# Syntax is flags <set>/<mask>: of the flags named in <mask>, exactly those in <set> must be set.
block in log quick proto tcp flags FUP/WEUAPRSF       # FIN+URG+PSH only (Xmas-type probe)
block in log quick proto tcp flags WEUAPRSF/WEUAPRSF  # every flag set
block in log quick proto tcp flags SRAFU/WEUAPRSF     # SYN+RST+ACK+FIN+URG
block in log quick proto tcp flags /WEUAPRSF          # no flags at all (null probe)
block in log quick proto tcp flags SR/SR              # SYN and RST together
block in log quick proto tcp flags SF/SF              # SYN and FIN together

Last edited by arun5002; 10-08-2012 at 03:48 AM.
 
Old 10-08-2012, 09:56 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

My first comment, or rather question, is with regard to your rules and the mention of PF. PF is the firewall for BSD and these look like rules for it. Are you running BSD or Linux? I am asking because you also mention IPTables, which is the firewall for Linux.

Second, please keep in mind that blocking port scans won't buy you much in terms of security. It is absolutely critical that you still protect any services that you are running. With the above caveat in mind, there are a couple of techniques for blocking scans. Some techniques are designed to counter stealth scan techniques. Personally, I would use rate limiting and if too many connections are established in a short period of time, which indicates a potential scan, I would block their traffic for a period of time. This article has a pretty good discussion of this subject including why the stealth techniques fail against a standard nmap scan.
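The rate-limiting approach Noway2 describes, written out as an added iptables example that is not part of this thread: new TCP connections are counted per source address with the recent match, and a source that exceeds the threshold is put on a ban list and dropped for a while. The chain name SCAN_GUARD, the list names and the 10 connections / 60 seconds / 600 second ban values are assumptions to tune per host.

```shell
#!/bin/sh
# Added example, not from the thread: per-source rate limiting of new TCP
# connections with the iptables "recent" match, along the lines Noway2 suggests.
# Thresholds and chain/list names are assumptions; tune them for your host.
IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to print the rules instead of applying them

# install_scan_rate_limit HITCOUNT WINDOW BANTIME
#   more than HITCOUNT new connections from one source inside WINDOW seconds
#   puts that source on a ban list whose entries expire after BANTIME seconds.
#   Note: xt_recent's default ip_pkt_list_tot caps HITCOUNT at 20.
install_scan_rate_limit() {
    hitcount="${1:-10}"; window="${2:-60}"; bantime="${3:-600}"

    "$IPTABLES" -N SCAN_GUARD 2>/dev/null || true   # create the chain if it is missing
    "$IPTABLES" -F SCAN_GUARD                        # start from an empty chain

    # 1. Sources already banned are dropped; --update also refreshes their timer,
    #    so a host that keeps probing stays banned (use --rcheck for a fixed term)
    "$IPTABLES" -A SCAN_GUARD -m recent --name scanban --update --seconds "$bantime" -j DROP

    # 2. Record this connection attempt for the source address
    "$IPTABLES" -A SCAN_GUARD -m recent --name newconn --set

    # 3. Too many attempts inside the window: add the source to the ban list and drop
    "$IPTABLES" -A SCAN_GUARD \
        -m recent --name newconn --rcheck --seconds "$window" --hitcount "$hitcount" \
        -m recent --name scanban --set -j DROP

    "$IPTABLES" -A SCAN_GUARD -j RETURN

    # Only new inbound TCP connections pass through the guard; established flows are untouched.
    # Hosts sharing one NAT address share the counter, so pick thresholds with that in mind.
    "$IPTABLES" -I INPUT 1 -p tcp --syn -m conntrack --ctstate NEW -j SCAN_GUARD
}

# The current ban list can be inspected in /proc/net/xt_recent/scanban
if [ "${1:-}" = "--apply" ]; then
    install_scan_rate_limit "${2:-10}" "${3:-60}" "${4:-600}"
fi
```

Run it as root with `--apply` to install the rules; `IPTABLES=echo ./scan_guard.sh --apply` prints them for review first.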