SYN Stealth Scan (Linux Networking forum, Linux Forums)
Hi,

I have written a firewall with iptables. Now I have a question regarding SYN Stealth Scan!

When I am running Nmap with SYN Stealth Scan it always finds the services which I am running. I tried it with the following entry:

iptables -A INPUT -p tcp --sport 22 ! --syn -j DROP

Nonetheless, it is possible to scan the service. Is there any possibility to drop this? If someone can tell me the right entry, please!

Thx,
Bernd Roth

On Sun, 02 May 2004 21:05:10 GMT
"Bernd Roth" <bernd@chello.at> wrote:

> Hi,
>
> I have written a firewall with iptables.
> Now I have a question regarding SYN Stealth Scan!
>
> When I am running Nmap with SYN Stealth Scan it always finds the services
> which I am running.
> I tried it with the following entry:
>
> iptables -A INPUT -p tcp --sport 22 ! --syn -j DROP.

Looks good.

> Nonetheless, it is possible to scan the service.
>
> Is there any possibility to drop this?
>
> If someone can tell me the right entry, please!

IMHO, there is no possibility to block a scan on certain ports without disabling the service it offers. What you can do is, if a scan is detected, block every connection from there. But be warned, it can be forged, e.g. with an FTP bounce scan.

Greets
Chris

Bernd Roth wrote:

> Hi,
>
> I have written a firewall with iptables.
> Now I have a question regarding SYN Stealth Scan!
>
> When I am running Nmap with SYN Stealth Scan it always finds the services
> which I am running.
> I tried it with the following entry:
>
> iptables -A INPUT -p tcp --sport 22 ! --syn -j DROP.
>
> Nonetheless, it is possible to scan the service.
>

You're blocking the source port here. You probably want to block the connection to the destination port 22 to keep the service at port 22 undisturbed.

HTH

Tauno Voipio
tauno voipio @ iki fi

On 2004-05-04, Tauno Voipio <tauno.voipio@iki.fi.NOSPAM.invalid> wrote:

> Bernd Roth wrote:
>> Hi,
>>
>> I have written a firewall with iptables.
>> Now I have a question regarding SYN Stealth Scan!
>>
>> When I am running Nmap with SYN Stealth Scan it always finds the services
>> which I am running.
>> I tried it with the following entry:
>>
>> iptables -A INPUT -p tcp --sport 22 ! --syn -j DROP.
>>
>> Nonetheless, it is possible to scan the service.
>>
>
> You're blocking the source port here. You probably want to
> block the connection to the destination port 22 to
> keep the service at port 22 undisturbed.
>

Just to add my £0.02:

http://support.metronet.co.uk/adsl/s...s/security.txt

Something I wrote about stealthing ports..... Please consider not doing so. Some poor tech guy at your ISP is going to get very annoyed.

Cheers
Alex