Block Port Scanning With Iptables
I wrote down some rules to block commonly used port scanning techniques. The rules are below: each suspicious TCP flag combination is logged first, then dropped.
# $IPTABLES holds the path to the iptables binary. The rules live in the mangle
# table's PREROUTING chain so they see every incoming TCP packet before routing.
# Xmas scan: FIN, URG and PSH set, nothing else
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG \
--log-prefix "NMAP-XMAS SCAN:" --log-tcp-options --log-ip-options
# Null scan: no flags set at all
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j LOG \
--log-prefix "NMAP-NULL SCAN:" --log-tcp-options --log-ip-options
# SYN and RST set together (never valid in a real handshake)
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j LOG \
--log-prefix "SYN/RST SCAN:" --log-tcp-options --log-ip-options
# SYN and FIN set together (never valid in a real handshake)
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG \
--log-prefix "SYN/FIN SCAN:" --log-tcp-options --log-ip-options
# Same four matches again, this time dropping the packet after it was logged
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
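Two things a practitioner usually wants on top of the rules above: the LOG step rate-limited, so that a flood of malformed packets cannot fill the kernel log, and a way to read the resulting log lines. The script below is an added example, not part of the original post. It renders the same four flag matches as an iptables-restore fragment for the mangle table (the chain name SCAN_CHECK and the limit values are this example's own choices), and adds an awk summariser that counts hits per scan type and source address; the log lines it is run against are constructed here and are not from any real system. Note that these matches only catch scans that send abnormal flag combinations; a plain SYN scan sends ordinary SYN packets and is not matched by any of them.

```shell
#!/bin/sh
# Added example (not from the original post). Chain name SCAN_CHECK, limit
# values and the sample log lines are constructed for this example.

# Emit the ruleset. Review it by running the function on its own; load it
# (as root) with:  scan_rules | iptables-restore -n
# Each scan type is logged at most 5 times per minute (burst 10), then dropped.
scan_rules() {
    cat <<'EOF'
*mangle
:SCAN_CHECK - [0:0]
-A PREROUTING -p tcp -j SCAN_CHECK
-A SCAN_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "NMAP-XMAS SCAN:" --log-tcp-options --log-ip-options
-A SCAN_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-A SCAN_CHECK -p tcp --tcp-flags ALL NONE -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "NMAP-NULL SCAN:" --log-tcp-options --log-ip-options
-A SCAN_CHECK -p tcp --tcp-flags ALL NONE -j DROP
-A SCAN_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "SYN/RST SCAN:" --log-tcp-options --log-ip-options
-A SCAN_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A SCAN_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "SYN/FIN SCAN:" --log-tcp-options --log-ip-options
-A SCAN_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
COMMIT
EOF
}

# Summarise kernel log lines written by the LOG rules above. Reads lines on
# stdin and prints "count scan-type source-address", most hits first.
scan_summary() {
    awk '
        match($0, /(NMAP-XMAS|NMAP-NULL|SYN\/RST|SYN\/FIN) SCAN:/) {
            type = substr($0, RSTART, RLENGTH - 6)   # strip the trailing " SCAN:"
            src = "?"
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
            hits[type " " src]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -rn
}

# Constructed sample of what the kernel log looks like after these rules fire
# (addresses are documentation ranges, not real hosts).
SAMPLE_LOG='Jan  1 00:00:01 host kernel: NMAP-XMAS SCAN:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12345 PROTO=TCP SPT=40123 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan  1 00:00:01 host kernel: NMAP-XMAS SCAN:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12346 PROTO=TCP SPT=40123 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan  1 00:00:02 host kernel: NMAP-NULL SCAN:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=777 PROTO=TCP SPT=51000 DPT=443 WINDOW=1024 RES=0x00 URGP=0
Jan  1 00:00:03 host kernel: unrelated message that the summariser must ignore'

# Stand-alone run: show the ruleset, then the summary of the sample log.
scan_rules
echo "--- summary of sample log ---"
printf '%s\n' "$SAMPLE_LOG" | scan_summary
```

Loading through iptables-restore with `-n` appends to the mangle table without flushing whatever rules are already there; the SCAN_CHECK chain keeps the four log-and-drop pairs in one place so they can be removed or counted with a single `iptables -t mangle -L SCAN_CHECK -v`.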