several iptables questions

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by truhla » Thu Nov 21, 2002 10:59 am

Hello...

I have experienced many problems with iptables stealth-blocking rules (tested in co-operation with nmap :)

1) How to block an nmap stealth FIN scan?
I have tried

iptables -A INPUT -d dest_ip -p tcp -m stealth --tcp-flags FIN SYN -j DROP ,

but it doesn't work... And also, how to disable Xmas or NULL scans?

2) Is it possible to block such an nmap RPC scan?

Thanks a lot for any help...

truhla

Post by spender » Sat Nov 23, 2002 4:18 pm

The stealth module won't stop those kinds of scans. It simply drops SYNs coming to unserved TCP ports, and drops UDP packets coming to unserved UDP ports. I think the "unclean" module can help you out with those though.

-Brad
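
Added example, not part of either post: a shell model of how a `--tcp-flags MASK COMP` test evaluates, assuming the match is `(flags & MASK) == COMP`, run over constructed flag sets. It shows that the `FIN SYN` pair from the question can never match, while an `ALL` mask with `NONE`, `FIN` or `FIN,PSH,URG` separates NULL, FIN and Xmas probes from ordinary `FIN,ACK` traffic; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: "--tcp-flags MASK COMP" matches when
# (packet_flags & MASK) == COMP. Bit values are those of the TCP flags byte.

# "FIN,PSH,URG" -> 41. ALL and NONE are accepted as iptables accepts them.
flag_bits() {
    bits=0; old_ifs=$IFS; IFS=,
    for name in $1; do
        case $name in
            FIN) bits=$((bits | 1)) ;;
            SYN) bits=$((bits | 2)) ;;
            RST) bits=$((bits | 4)) ;;
            PSH) bits=$((bits | 8)) ;;
            ACK) bits=$((bits | 16)) ;;
            URG) bits=$((bits | 32)) ;;
            ALL) bits=$((bits | 63)) ;;
            NONE) ;;
            *) IFS=$old_ifs; echo "unknown flag: $name" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    echo "$bits"
}

# Exit status 0 when a packet carrying flags $1 matches --tcp-flags $2 $3.
tcp_flags_match() {
    pkt_bits=$(flag_bits "$1") && mask_bits=$(flag_bits "$2") &&
        comp_bits=$(flag_bits "$3") || return 2
    [ $((pkt_bits & mask_bits)) -eq "$comp_bits" ]
}

# Names the scan pattern a flag set corresponds to, or prints "pass".
classify() {
    if   tcp_flags_match "$1" ALL NONE;        then echo "NULL scan"
    elif tcp_flags_match "$1" ALL FIN;         then echo "FIN scan"
    elif tcp_flags_match "$1" ALL FIN,PSH,URG; then echo "Xmas scan"
    else echo "pass"
    fi
}

# Constructed flag sets: three scan probes, then ordinary traffic.
for f in NONE FIN FIN,PSH,URG SYN FIN,ACK PSH,ACK; do
    printf '%-12s %s\n' "$f" "$(classify "$f")"
done

# The mask/comp pair from the question (FIN SYN): no packet can satisfy it.
for f in FIN SYN FIN,SYN; do
    tcp_flags_match "$f" FIN SYN && echo "$f matches" || echo "$f: no match"
done
```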

