LinuxQuestions.org
Old 09-02-2014, 12:46 AM   #1
gprathap1121@gmail.com
LQ Newbie
 
Registered: Jun 2014
Posts: 20

Rep: Reputation: Disabled
Need iptables rule for nmap pp test


nmap PP test shows that host is up;

Do we have any iptables rules for port scanning, to block the host MAC and status of the host on to linux server where the DoS attack is made?
 
Old 09-06-2014, 04:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Quote:
Originally Posted by gprathap1121@gmail.com
Do we have any iptables rules for port scanning,
No, but there are tools like iptables "-m limit", mod_security, fail2ban, Snort, PSAD. (Don't use PortSentry though.)
And please don't focus on port scanning but on regular maintenance, hardening and auditing.


Quote:
Originally Posted by gprathap1121@gmail.com
to block the host MAC and
MAC addresses don't leave the LAN so that won't work.


Quote:
Originally Posted by gprathap1121@gmail.com
status of the host
What do you mean?


Quote:
Originally Posted by gprathap1121@gmail.com
on to linux server where the DoS attack is made?
Please provide details of that or talk to your upstream provider.
 
Old 09-08-2014, 08:18 AM   #3
gprathap1121@gmail.com
LQ Newbie
 
Registered: Jun 2014
Posts: 20

Original Poster
Rep: Reputation: Disabled
When the nmap port scan below is started on the DUT:
sudo nmap -v -PP de.vi.ce.ip -oN nmaplog.txt

It shows that the device is UP and running.

Output of the nmap test:
Nmap scan report for 169.27.182.54
Host is up (0.00084s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
5555/tcp open freeciv
MAC Address: F0E:42:67:31C (Unknown)

Read data files from: /usr/share/nmap

My query is, can we block the device host status using iptables netfilter rules?
 
Old 09-08-2014, 01:13 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
See 'man nmap', the "Host Discovery" part about which techniques nmap uses for discovery?
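
Added example, not part of any post in this thread: a shell sketch of iptables rules that stop a host from answering the ICMP timestamp probe that `nmap -PP` sends, using the "-m limit" match mentioned in post #2 for echo requests, plus a coarse check of an existing INPUT chain. The function names, the default rate and the sample rule listings in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: rules are only
# printed. As root, run with IPT=iptables to load them.
IPT="${IPT:-echo iptables}"

# harden_icmp [RATE]: hypothetical helper; RATE is an assumed echo-request limit.
harden_icmp() {
    rate="${1:-5/second}"
    # nmap -PP probes with ICMP timestamp requests (type 13): drop them first.
    $IPT -I INPUT 1 -p icmp --icmp-type timestamp-request -j DROP
    # nmap -PM probes with address mask requests (type 17).
    $IPT -I INPUT 2 -p icmp --icmp-type address-mask-request -j DROP
    # Echo requests: accept a limited rate ("-m limit"), drop the excess.
    $IPT -I INPUT 3 -p icmp --icmp-type echo-request \
        -m limit --limit "$rate" --limit-burst 10 -j ACCEPT
    $IPT -I INPUT 4 -p icmp --icmp-type echo-request -j DROP
    # Never emit a timestamp reply (type 14) either.
    $IPT -I OUTPUT 1 -p icmp --icmp-type timestamp-reply -j DROP
}

# audit_pp: coarse check of "iptables -S INPUT" output read from stdin.
# Prints "blocked" if a timestamp request hits DROP/REJECT first, "answered"
# if an ICMP-wide or unconditional ACCEPT comes first, else "policy:<P>".
# It ignores other match conditions (-s, -i, ...). iptables -S prints ICMP
# types numerically (13 = timestamp request).
audit_pp() {
    awk '
        $1 == "-P" { pol = $3; next }
        $1 != "-A" { next }
        / --icmp-type (13|timestamp-request) / && / -j (DROP|REJECT)/ {
            print "blocked"; done = 1; exit }
        / -j ACCEPT/ && (/ --icmp-type (13|timestamp-request) / ||
            (/ -p icmp / && !/--icmp-type/) ||
            $0 ~ /^-A [^ ]+ -j ACCEPT$/) {
            print "answered"; done = 1; exit }
        END { if (!done) print "policy:" pol }
    '
}

# Usage (as root):  IPT=iptables; harden_icmp; iptables -S INPUT | audit_pp
```

These rules only remove the ICMP answer: the open ports 22 and 5555 in post #3 still respond to TCP probes. The scan output in post #3 also lists a MAC address, so scanner and DUT share an Ethernet segment, where nmap discovers hosts by ARP even when -PP is given (unless --send-ip is used), and iptables does not filter ARP.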
 
  

