iptables and port scan detection
Date: 10/29/02
- Next message: Wolfgang Schelongowski: "(no subject)"
- Previous message: : "SSH and motd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Oct 2002 03:56:31 +1000
Either the various portscans I constantly receive have suddenly stopped, or
the firewall is blocking them before they reach portsentry. Is there a way
to permit information in, yet still show the system as stealthed? (There
are some open ports, so I want to be able to block an IP temporarily,
before their scan finds any of the open ports)
Furthermore, the firewall makes it difficult to stealth everything, and yet
still be able to run programs which need to open up temporary listening
ports. Can an iptables rule be set to match any new connection to a
non-listening port?
Also, I've seen rules thrown about for all sorts of strange tcp flags and
addresses. What rules for strange behaviour do people use?
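Added example, not from this thread or any reply to it: a defensive rule set in the spirit of the three questions above (odd flag combinations, temporary blocking of a probing source, and "new connection to a non-listening port"), assuming a current iptables with the conntrack and recent modules, TCP only, and a placeholder list of open ports.

```shell
#!/bin/sh
# Added example, not from the original thread: TCP-only iptables rules that
# drop malformed flag combinations, keep established/related traffic (and the
# temporary ports it negotiates) working, and treat a SYN to any port not
# listed below as a probe whose source is blocked for BLOCK_SECONDS.
# Assumes the conntrack and recent modules. Dry-run by default (rules are
# echoed); run as root with the argument "iptables" to apply them.

OPEN_TCP_PORTS="22 80"   # constructed placeholder: the ports you really serve
BLOCK_SECONDS=600        # how long a probing source stays blocked

apply_scan_rules() {
    ipt=${1:-echo}       # "echo" prints each rule, "iptables" applies it

    $ipt -N SCANGUARD 2>/dev/null || true
    $ipt -F SCANGUARD
    $ipt -A SCANGUARD -i lo -j ACCEPT   # never treat loopback as a prober

    # Flag combinations no real TCP stack sends: NULL, XMAS, SYN+FIN, SYN+RST.
    # $combo is deliberately unquoted so "mask compare" splits into two args.
    for combo in "ALL NONE" "ALL FIN,PSH,URG" "SYN,FIN SYN,FIN" "SYN,RST SYN,RST"; do
        $ipt -A SCANGUARD -p tcp --tcp-flags $combo -j DROP
    done

    # A source already recorded as a prober is dropped, open ports included,
    # until BLOCK_SECONDS have passed since the probe that got it listed.
    $ipt -A SCANGUARD -m recent --name portscan --rcheck --seconds "$BLOCK_SECONDS" -j DROP

    # Replies to our own connections plus helper-negotiated ports (FTP data
    # etc.), so programs that open temporary ports work without exposing them.
    $ipt -A SCANGUARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    for port in $OPEN_TCP_PORTS; do
        $ipt -A SCANGUARD -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # iptables cannot ask the kernel "is anything listening here?", so every
    # port not accepted above counts as closed: a SYN to it records the
    # source and is dropped silently (no RST), which keeps the host stealthed.
    $ipt -A SCANGUARD -p tcp --syn -m recent --name portscan --set -j DROP

    # Re-hook the chain at the top of INPUT (delete first so reruns don't duplicate).
    $ipt -D INPUT -j SCANGUARD 2>/dev/null || true
    $ipt -I INPUT 1 -j SCANGUARD
}

apply_scan_rules "$@"
```

The closed-port rule must stay last in the chain: anything you want reachable has to be accepted above it, since the firewall has no view of which sockets are actually listening.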