LinuxQuestions.org
Old 08-03-2006, 12:12 PM   #1
sarajevo
Preventing port scanning using iptables, is this possible?


Hi all,

I am hoping all of you had, or are now having, summer holidays. I wish you a good time.
I had a summer holiday and now I am back at my job, and I am trying to make a self-made firewall using iptables. Personally I think iptables is such a powerful tool in the Linux world and I like it very much. But there is one thing I cannot work out, and that is how to prohibit port scanning of a particular machine using the iptables package. I mean, is it possible to make some ports on the machine not respond to port scanners like nmap and similar? Hypothetically, I want to make some rules on the firewall to make my system resistant to port scanning.

So if anybody out there knows how to do this, or knows the right URLs, books, or similar stuff, it will help me a lot if you write them down on this forum.

Thanks in advance.

Regards

Old 08-03-2006, 02:53 PM   #2
Mara
Yes, it's possible. A simple -j DROP results in no response to a packet. Most scripts I know (and have written, too) use it as the default for closed ports.

And example code for SYN flood (also scan) protection:
Code:
IPTABLES=/sbin/iptables   # the original snippet assumes this variable is already set
SYN_LIMIT="5/s"
SYN_BURST="10"

# Target chain for SYNs over the limit (its contents were not in the snippet; here it just drops)
$IPTABLES -N WEHAVEASYNFLOOD
$IPTABLES -A WEHAVEASYNFLOOD -j DROP

# SYNs within the rate limit are accepted; the overflow goes to WEHAVEASYNFLOOD
$IPTABLES -A INPUT -p tcp --syn -m limit --limit $SYN_LIMIT --limit-burst $SYN_BURST -j ACCEPT
$IPTABLES -A INPUT -p tcp --syn -j WEHAVEASYNFLOOD
 
Old 08-07-2006, 01:20 AM   #3
primo
There are 2 great tutorials at http://www.frozentux.net/

If you set up a firewall with a deny-by-default policy and stateful filtering, it's easy to prevent port scans. Make sure you DROP (instead of REJECT) those packets so your machine won't elicit TCP RSTs and ICMP DEST-UNREACH packets that give information on closed ports, thus slowing their scan. You may also temporarily block the offenders' IPs... Just make sure they aren't trying to block you from a known IP, though. I wouldn't recommend this option.

You may use sysctls in addition to iptables.
See: /usr/src/linux/Documentation/networking/ip-sysctl.txt

Code:
# Note: SYN/FINs are legitimate with T/TCP, though
# they may be used for TCP/IP OS fingerprinting; not a big deal anyway.
echo 1 > /proc/sys/net/ipv4/tcp_ignore_synfin

# TCP SYN flood protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Note: TCP Timestamps (RFC 1323) may disclose our uptime information
# but they're used to protect against wrapping sequence numbers.
# Enable it if you're using a fast connection
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
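As an added example (not code from the thread or from any of the posters), here is the deny-by-default, stateful layout primo describes combined with Mara's SYN rate limit, as a POSIX shell script. IPT, WAN_IF and ALLOWED_TCP are assumed names and values; by default the script only prints the rules it would apply.

```shell
#!/bin/sh
# Added example, not code from the thread: a deny-by-default, stateful
# ruleset that drops (never rejects) unsolicited packets and rate-limits
# SYNs, as the replies describe. IPT defaults to "echo iptables" so the
# script only prints the rules it would apply; set IPT=iptables and run
# as root to apply them. WAN_IF and ALLOWED_TCP are assumed values.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"
ALLOWED_TCP="${ALLOWED_TCP:-22 80}"
SYN_LIMIT="${SYN_LIMIT:-5/s}"
SYN_BURST="${SYN_BURST:-10}"

build_rules() {
    # Policy DROP: a probe to a closed port gets neither RST nor
    # ICMP unreachable, so the scanner cannot tell closed from filtered.
    $IPT -P INPUT DROP
    $IPT -F INPUT
    for chain in SYN_CHECK SYNFLOOD; do
        $IPT -N "$chain" 2>/dev/null
        $IPT -F "$chain"
    done
    # Loopback and replies to connections we started are always fine.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Malformed probes (NULL, XMAS, FIN-only) are tracked as INVALID.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # SYNFLOOD: log sparingly, then drop.
    $IPT -A SYNFLOOD -m limit --limit 1/m -j LOG --log-prefix "SYNFLOOD: "
    $IPT -A SYNFLOOD -j DROP
    # SYN_CHECK: SYNs under the rate limit RETURN to INPUT for the
    # per-port rules below; the overflow goes to SYNFLOOD.
    $IPT -A SYN_CHECK -m limit --limit "$SYN_LIMIT" --limit-burst "$SYN_BURST" -j RETURN
    $IPT -A SYN_CHECK -j SYNFLOOD
    $IPT -A INPUT -i "$WAN_IF" -p tcp --syn -j SYN_CHECK
    # Only the listed services accept new connections.
    for port in $ALLOWED_TCP; do
        $IPT -A INPUT -i "$WAN_IF" -p tcp --dport "$port" --syn -j ACCEPT
    done
    # Everything else is logged (rate-limited) and falls to the DROP policy.
    $IPT -A INPUT -m limit --limit 3/m -j LOG --log-prefix "INPUT DROP: "
}

build_rules
```

The ESTABLISHED,RELATED rule sits before SYN_CHECK on purpose, so an existing SSH session is not counted against the SYN limit while the rules are being loaded.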
 
  

