LinuxQuestions.org


gprathap1121@gmail.com 09-01-2014 11:46 PM

Need iptables rule for nmap pp test
 
nmap PP test shows that host is up;

Do we have any iptables rules for port scanning, to block the host MAC and status of the host on to linux server where the DoS attack is made?

unSpawn 09-06-2014 03:33 AM

Quote:

Originally Posted by gprathap1121@gmail.com (Post 5231007)
Do we have any iptables rules for port scanning,

No, but there are tools like iptables "-m limit", mod_security, fail2ban, Snort, PSAD. (Don't use PortSentry though.)
And please don't focus on port scanning but on regular maintenance, hardening and auditing.


Quote:

Originally Posted by gprathap1121@gmail.com (Post 5231007)
to block the host MAC and

MAC addresses don't leave the LAN so that won't work.


Quote:

Originally Posted by gprathap1121@gmail.com (Post 5231007)
status of the host

What do you mean?


Quote:

Originally Posted by gprathap1121@gmail.com (Post 5231007)
on to linux server where the DoS attack is made?

Please provide details of that or talk to your upstream provider.

gprathap1121@gmail.com 09-08-2014 07:18 AM

When the nmap port scan below is started on the DUT:
sudo nmap -v -PP de.vi.ce.ip -oN nmaplog.txt

It shows that the device is UP and running.

Output of the nmap test:
Nmap scan report for 169.27.182.54
Host is up (0.00084s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
5555/tcp open freeciv
MAC Address: F0:DE:42:67:31:DC (Unknown)

Read data files from: /usr/share/nmap

My query is, can we block the device host status using iptables netfilter rules?

unSpawn 09-08-2014 12:13 PM

See 'man nmap', the "Host Discovery" part about which techniques nmap uses for discovery?
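
As an added example (not part of either poster's messages): `-PP` is nmap's ICMP timestamp ping, so the iptables side of the question comes down to dropping ICMP timestamp requests, shown here together with the other two ICMP query types described in the "Host Discovery" part of the man page. The function names and the `show`/`apply`/`counters` arguments are made up for this example, and it assumes IPv4 and the built-in INPUT chain of the filter table.

```shell
#!/bin/sh
# Added example, not from the thread: drop the ICMP queries that nmap's
# ICMP host-discovery options rely on (-PE echo, -PP timestamp, -PM netmask).
# Assumptions: IPv4, filter table, built-in INPUT chain, run as root to apply.

DISCOVERY_TYPES="echo-request timestamp-request address-mask-request"

# Print the match/target part of the rule for one ICMP type name.
rule_for() {
    printf '%s\n' "-p icmp --icmp-type $1 -j DROP"
}

# Print the full command lines without touching the firewall (dry run).
show_rules() {
    for t in $DISCOVERY_TYPES; do
        printf 'iptables -I INPUT %s\n' "$(rule_for "$t")"
    done
}

# Insert each rule at the top of INPUT unless it is already present.
apply_rules() {
    for t in $DISCOVERY_TYPES; do
        # shellcheck disable=SC2046  # word splitting of the rule is intended
        iptables -C INPUT $(rule_for "$t") 2>/dev/null ||
            iptables -I INPUT $(rule_for "$t") || return 1
    done
}

# List per-rule packet counters to confirm the probes are being dropped.
show_counters() {
    iptables -L INPUT -v -n | grep -i 'icmp'
}

case "${1:-}" in
    apply)    apply_rules ;;
    counters) show_counters ;;
    show)     show_rules ;;
esac
```

The `MAC Address:` line in the posted output means the scanner and the DUT share an Ethernet segment, where a privileged nmap does host discovery by ARP whatever ping option is given, and iptables never sees ARP. Ports 22 and 5555 also keep answering TCP probes, so these rules only silence the ICMP queries and do not make the host appear down.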

