Old 10-08-2012, 03:44 AM   #1
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 558
Blog Entries: 5

Which is the best practice to block nmap scans on my server, using iptables or puffy?


I read O'Reilly's Network Security Hacks. The document mentions that nmap scanning of a server is a security vulnerability.

So I'm trying to block nmap scanning on my server. I just want to know which is the best method everybody is using to block nmap scans on their server.

I have found two methods to block nmap scans: the iptables method and the puffy method. I need advice from a security expert on which method is the better practice to follow.

This is the pf.conf file I'm currently using. Currently I'm completely unaware of what the following settings, which I have pasted from my /etc/pf.conf, do, but it seems to work fine on the development machine.

Before moving to production I just seek expert advice on whether the following settings cause any problem on the development server.

vi /etc/pf.conf

set block-policy return

block in log quick proto tcp flags FUP/WEUAPRSF
block in log quick proto tcp flags WEUAPRSF/WEUAPRSF
block in log quick proto tcp flags SRAFU/WEUAPRSF
block in log quick proto tcp flags /WEUAPRSF
block in log quick proto tcp flags SR/SR
block in log quick proto tcp flags SF/SF

Last edited by jsaravana87; 10-08-2012 at 03:48 AM.
Old 10-08-2012, 09:56 AM   #2
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124
My first comment, or rather question, is in regards to your rules and the mention of PF. PF is the firewall for BSD and these look like rules for it. Are you running BSD or Linux? I am asking because you also mention IPTables, which is the firewall for Linux.

Second, please keep in mind that blocking port scans won't buy you much in terms of security. It is absolutely critical that you still protect any services that you are running. With the above caveat in mind, there are a couple of techniques for blocking scans. Some techniques are designed to counter stealth scan techniques. Personally, I would use rate limiting and if too many connections are established in a short period of time, which indicates a potential scan, I would block their traffic for a period of time. This article has a pretty good discussion of this subject including why the stealth techniques fail against a standard nmap scan.
1 members found this post helpful.
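The rate-limiting approach the reply above favours, as an added example that is not code from the thread or from either poster. It assumes Linux iptables with the recent and limit match modules available; the chain names, list names, thresholds and the TRUSTED variable are hypothetical defaults, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the thread: per-source rate limiting of new TCP
# connections with the iptables "recent" module. A source that opens HITS or
# more new connections within WINDOW seconds is dropped for BAN seconds, and
# the first drops are logged so the block shows up for whoever reads the logs.
# Chain names, list names and thresholds are hypothetical defaults; tune them
# for the services you expose. Commands are only printed unless APPLY=1 is set
# (then run the script as root).

IPT="${IPT:-iptables}"
CHAIN="SCAN_GUARD"          # hypothetical chain names
BANCHAIN="SCAN_GUARD_BAN"
LIST="scan_track"           # hypothetical xt_recent list names
BANLIST="scan_banned"
HITS="${HITS:-15}"          # attempts per source within WINDOW; must not exceed
WINDOW="${WINDOW:-60}"      # xt_recent's ip_pkt_list_tot (20 by default)
BAN="${BAN:-300}"           # seconds an offending source stays blocked
TRUSTED="${TRUSTED:-}"      # optional CIDR never rate limited (e.g. admin net)

# run: print the iptables command, or execute it when APPLY=1
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$IPT" "$@"
    else
        printf '%s %s\n' "$IPT" "$*"
    fi
}

# install_rules: build both chains and hook them into INPUT for new connections
install_rules() {
    run -N "$CHAIN" 2>/dev/null || true      # ignore "chain already exists"
    run -N "$BANCHAIN" 2>/dev/null || true
    [ -n "$TRUSTED" ] && run -A "$CHAIN" -s "$TRUSTED" -j RETURN
    # 1. a source already banned is dropped until its BAN seconds have passed
    run -A "$CHAIN" -m recent --name "$BANLIST" --rcheck --seconds "$BAN" -j DROP
    # 2. record this connection attempt against the source address
    run -A "$CHAIN" -m recent --name "$LIST" --set
    # 3. HITS attempts inside WINDOW: hand the source to the ban chain
    run -A "$CHAIN" -m recent --name "$LIST" --rcheck --seconds "$WINDOW" \
        --hitcount "$HITS" -j "$BANCHAIN"
    # ban chain: remember the source, log a few lines (rate limited), drop
    run -A "$BANCHAIN" -m recent --name "$BANLIST" --set
    run -A "$BANCHAIN" -m limit --limit 3/min -j LOG --log-prefix "SCAN_GUARD:"
    run -A "$BANCHAIN" -j DROP
    # only SYN packets (new connections) not from loopback go through the guard
    run -I INPUT 1 ! -i lo -p tcp --syn -j "$CHAIN"
}

install_rules
```

Counting SYNs hits legitimate bursty clients as well as scanners, which is what TRUSTED is for; as the reply notes, the flag-combination rules in the first post only catch the unusual scan types, not a plain SYN scan.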