Re: weird scans from port 80

From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 01/19/03


From: Kasper Dupont <kasperd@daimi.au.dk>
Date: Sun, 19 Jan 2003 22:41:27 +0100

Don wrote:
>
> Yes but where is the fun in following the conventions of tcp/ip???

It is a good idea to play by the rules if you want it to work. Of
course if you have other intentions than getting something to work
it might of course be more fun to violate the rules.

> It is more fun and far more educational to try and bend or break
> the stack :-)

Of course, sometimes you have to break something to find out how
it works.

> We are hackers are we not?

Yes we are. (Those readers who do not understand the difference
between a hacker and a cracker should just ignore those statements.)

> It is all about the learning!

To most of us yes. I do think a few people do not want to break
anything even if they can learn from it.

And BTW. I thought I'd mention a few helpful chains I use in my
iptables configuration. Unexpected incoming TCP packets are all
handled by my SLOWLOGREJECT chain.

-A LOGDROP -m limit --limit 1/minute --limit-burst 42 -j LOG --log-prefix "iptables DROP: "
-A LOGDROP -j DROP
-A LOGREJECT -m limit --limit 1/minute --limit-burst 42 -j LOG --log-prefix "iptables REJECT: "
-A LOGREJECT -p tcp -j REJECT --reject-with tcp-reset
-A LOGREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
-A LOGREJECT -j REJECT --reject-with icmp-host-unreachable
-A SLOWLOGREJECT -m limit --limit 15/minute --limit-burst 10 -j LOGREJECT
-A SLOWLOGREJECT -j LOGDROP
-A LOGACCEPT -j LOG --log-prefix "iptables ACCEPT: "
-A LOGACCEPT -j ACCEPT

-- 
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);
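
Added example, not part of the original post: a simplified Python model of the iptables limit match (a token bucket with integer credits), used to show how the SLOWLOGREJECT, LOGREJECT and LOGDROP chains above treat a burst of unwanted packets. The class and function names and the packet arrival times are assumptions made for illustration; real kernel timing granularity is ignored.

```python
# Simplified model of the iptables "limit" match (a token bucket), used to
# predict what the SLOWLOGREJECT chain does with a burst of unwanted packets.
# Times are in milliseconds; packet arrival times are constructed sample input.

class Limit:
    """--limit RATE/minute --limit-burst BURST, with integer credits."""
    def __init__(self, per_minute, burst):
        self.cost = 60_000 // per_minute   # credit spent per matching packet
        self.cap = self.cost * burst       # a full bucket holds `burst` matches
        self.credit = self.cap             # the bucket starts full
        self.prev = 0

    def match(self, now_ms):
        # Credit accrues at 1 unit per millisecond, capped at the burst size.
        self.credit = min(self.cap, self.credit + (now_ms - self.prev))
        self.prev = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False

def simulate(arrivals_ms):
    slow = Limit(15, 10)        # -A SLOWLOGREJECT -m limit ... -j LOGREJECT
    log_reject = Limit(1, 42)   # LOG rule in LOGREJECT
    log_drop = Limit(1, 42)     # LOG rule in LOGDROP
    stats = {"rejected": 0, "dropped": 0, "reject_logged": 0, "drop_logged": 0}
    for t in arrivals_ms:
        if slow.match(t):       # within budget: RST / ICMP error is sent
            stats["reject_logged"] += log_reject.match(t)
            stats["rejected"] += 1
        else:                   # over budget: falls through to LOGDROP
            stats["drop_logged"] += log_drop.match(t)
            stats["dropped"] += 1
    return stats

if __name__ == "__main__":
    # Constructed input: 100 packets, one every 100 ms (a 10-second burst).
    print(simulate(range(0, 10_000, 100)))
```

In this model the first 10 packets of the burst are rejected, after which one more is rejected every 4 seconds and the rest are silently dropped, while each LOG rule writes at most 42 lines before falling back to one per minute.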