Re: Can IPTABLES stop port scans by NMAP?

voyager123bg_at_gmail.com
Date: 03/22/05

• Next message: Villy Kruse: "Re: I am unable to exit from vi to the linux command prompt."
• Previous message: Doug Laidlaw: "Re: I am unable to exit from vi to the linux command prompt."
• In reply to: RockLinux: "Re: Can IPTABLES stop port scans by NMAP?"
• Next in thread: Julia Thorne: "Re: Can IPTABLES stop port scans by NMAP?"
• Reply: Julia Thorne: "Re: Can IPTABLES stop port scans by NMAP?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 22 Mar 2005 05:10:45 -0800

RockLinux wrote:
> sylo@perknet.net wrote:
> > Can you configure IPTABLES on Fedora to stop port scans that are
> > performed with nmap?
> >
> > If the answer is yes how to you do this?
> >
> > Also can you return bogus data to an nmap scan? If the answer is
yes
> > how do you do this?
> >
> > thanks for an answer(s)

Surely it can, with that fancy -m limit thing... Yep, you can make your
computer to return bogus data to *any* scanner in the big bad world
which is scanning your machine... Iīve seen machines with 65536 ports
open.. ;). I donīt know how *exactly* they did it (what soft/options),
but i can tell you the theory that stands in the background. So.. when
someone(A) wants to communicate with (B) it sends : (A) -syn-> (B) and
when (B) recieves that syn packet, it sends back a reply (B) -ack->
(A), then (A) -syn+ack-> (B) and the link is up :). Scanners don īt
reply back (nmap -sS) that syn+ack thing, But more interesting is the
second part: If (A) recieves ack from (B), then scanner deduces scanned
port on (B) for open, so it says it is open. I have to go now, sorry i
canīt give more info... hope this helps :)

---

• Next message: Villy Kruse: "Re: I am unable to exit from vi to the linux command prompt."
• Previous message: Doug Laidlaw: "Re: I am unable to exit from vi to the linux command prompt."
• In reply to: RockLinux: "Re: Can IPTABLES stop port scans by NMAP?"
• Next in thread: Julia Thorne: "Re: Can IPTABLES stop port scans by NMAP?"
• Reply: Julia Thorne: "Re: Can IPTABLES stop port scans by NMAP?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second ... > I found out that by default nmap doesn't scan every ... > port (before that I thought every port is scanned ... the very port you are connecting to. ... New versions of the Nmap Security Scanner can be found at ... (Incidents) Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second ... When Nmap (or many ... > other applications, such as Telnet) does a connectcall, the OS is ... > supposed to choose a good souce port to bind to for the connection. ... I saw a familiar "Connection reset by peer" every time the random port ... (Incidents) Re: Yes, trying to hack a remote control ... I attempted a telnet into that port, and it asked for a username/pass, ... and then upload a modified firmware to the remote. ... The latest versions of nmap have a feature whereby you can run scans ... (Security-Basics) Re: how nmap can know my firewalled servers ? ... UDP or ICMP protocol), it will mark the port as closed. ... descrition, how NMAP determins, if the UDP port is open or closed. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ... (Security-Basics) Re: FW: baby pen-test question ... I ALWAYS do an nmap sweep of varying degrees. ... As for testing a large network, I primarily base my efforts on the mission ... My first question is about port scanning. ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2005-03