- My recipe for detecting and blocking abnormal scans with iptables on Linux
- 20 Jul
- I haven't written for a long time, and I want to make up for it.
- Today's topic is detecting and blocking abnormal scans with iptables on the Linux operating system.
- Since the recipes from my blog get used without crediting me as the original source (and without links to my articles), and similar information is, besides, posted with backdated timestamps, I promise that this is the last help you will get from me, fans of plagiarism.
- The rules described below were collected by me from various non-Russian-language sources, but all together, in the form in which I present them, you will not find them on any single resource on the Internet. Likewise, the information on tuning the Windows network stack in the MS Platforms section of this site is also unique and is not found anywhere in the form in which I give it.
- I won't pad this out with filler; let's get down to business.
- I suggest making the following changes to your iptables tables:
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "Stealth scan: 0 DROP "
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "Stealth scan: 1 DROP "
- iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "Stealth scan: 2 DROP "
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "Stealth scan: 3 DROP "
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "Stealth scan: 4 DROP"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "Stealth scan: 5 DROP"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-prefix "6 Stealth scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH PSH -j LOG --log-prefix "7 Abnormal steal"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG URG -j LOG --log-prefix "8 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG URG -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK FIN -j LOG --log-prefix "9 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK FIN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK NONE -j LOG --log-prefix "10 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK NONE -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH -j LOG --log-prefix "11 Abnormal sc"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH -j LOG --log-prefix "12 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-prefix "13 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j LOG --log-prefix "14 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-prefix "15 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j LOG --log-prefix "16 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j LOG --log-prefix "17 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,URG SYN,URG -j LOG --log-prefix "18 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,URG SYN,URG -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "19 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,PSH SYN,FIN,PSH -j LOG --log-prefix "20 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,PSH SYN,FIN,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j LOG --log-prefix "21 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j LOG --log-prefix "22 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,PSH -j LOG --log-prefix "23 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,ACK,PSH -j LOG --log-prefix "24 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,ACK,PSH -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j LOG --log-prefix "25 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j LOG --log-prefix "26 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST,ACK -j LOG --log-prefix "27 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL ACK,PSH,RST -j LOG --log-prefix "28 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags ALL ACK,PSH,RST -j DROP
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "29 Abnormal scan"
- iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
- As you can see, there are only 29 chains. This list could be extended with several more chains, but they would break the normal functioning of your penguin's network stack and can only be used on a machine configured with network intrusion detection and prevention tools. Therefore I will not give them here.
- It is also worth remembering the ways of tuning the network stack by means of sysctl, which are more richly represented than the capabilities of the MS Windows network stack. With sysctl you can protect your default Tux even further.
- I promise to please you with something more in the future.
- Good luck! Until next time!
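
An added example, not part of the original post: a small Python evaluator of the `--tcp-flags <mask> <comp>` matching semantics, run over the mask/comp pairs of the rules above (numbered by their log prefix) against a constructed set of flag combinations that ordinary TCP traffic carries. It shows which rules would also drop legitimate segments when placed in INPUT as written: rules 17 and 19 match a plain SYN (the same test as iptables' `--syn`), and rules 26 and 27 match ordinary RST and RST,ACK segments.

```python
# Added example: which of the page's --tcp-flags rules also match normal TCP?
ALL = frozenset({"FIN", "SYN", "RST", "PSH", "ACK", "URG"})  # iptables "ALL"

# The "mask comp" pairs from the rules above, in order (index = rule number).
RULES = (
    "ALL NONE;ALL ALL;ALL FIN,URG,PSH;ALL SYN,RST,ACK,FIN,URG;SYN,RST SYN,RST;"
    "SYN,FIN SYN,FIN;FIN,ACK FIN;SYN,FIN,RST,ACK,URG,PSH PSH;"
    "SYN,FIN,RST,ACK,URG URG;SYN,FIN,RST,ACK FIN;SYN,FIN,RST,ACK NONE;"
    "SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH;SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH;"
    "ACK,URG URG;ALL FIN;FIN,RST FIN,RST;ACK,PSH PSH;SYN,ACK,FIN,RST SYN;"
    "SYN,URG SYN,URG;FIN,SYN,RST,ACK SYN;SYN,FIN,PSH SYN,FIN,PSH;"
    "SYN,FIN,RST SYN,FIN,RST;SYN,FIN,RST,PSH SYN,FIN,RST,PSH;ALL SYN,PSH;"
    "ALL SYN,ACK,PSH;ACK,FIN FIN;ALL RST;ALL RST,ACK;ALL ACK,PSH,RST;"
    "FIN,SYN,RST,PSH,ACK,URG NONE"
)

# Constructed sample: flag combinations ordinary TCP conversations carry.
NORMAL = {
    "SYN (new connection)": {"SYN"},
    "SYN,ACK (handshake reply)": {"SYN", "ACK"},
    "ACK": {"ACK"},
    "PSH,ACK (data)": {"PSH", "ACK"},
    "FIN,ACK (close)": {"FIN", "ACK"},
    "RST (abort)": {"RST"},
    "RST,ACK (connection refused)": {"RST", "ACK"},
}

def parse_flags(spec):
    """Turn 'ALL', 'NONE' or a comma list into a set of flag names."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return frozenset()
    flags = frozenset(spec.split(","))
    if not flags <= ALL:
        raise ValueError(f"unknown TCP flag in {spec!r}")
    return flags

def rule_matches(mask, comp, packet_flags):
    """iptables semantics: among the flags in mask, exactly those in comp are set."""
    return frozenset(packet_flags) & parse_flags(mask) == parse_flags(comp)

def rules_hitting_normal_traffic():
    """Map rule number -> labels of normal segments that rule would DROP."""
    hits = {}
    for number, rule in enumerate(RULES.split(";")):
        mask, comp = rule.split()
        labels = [n for n, f in NORMAL.items() if rule_matches(mask, comp, f)]
        if labels:
            hits[number] = labels
    return hits

if __name__ == "__main__":
    for number, labels in rules_hitting_normal_traffic().items():
        print(f"rule {number}: also drops {', '.join(labels)}")
```
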