Detect abnormal traffic from attackers over TCP protocol

a guest
Oct 30th, 2016
My recipe for detecting and blocking abnormal scans with iptables on Linux
20 Jul

I haven't written anything for a long time; corrections are welcome.

Today's topic is detecting and blocking abnormal scanning with iptables on the Linux operating system.

Since the recipes from my blog are being reused without naming me as the original source (and without links to my articles), and are even being posted with backdated timestamps, I promise that this is the last help you will get from me, fans of plagiarism.

The rules below were collected by me from various non-Russian-language sources, but you will not find them all together, in the form I present them here, on any single resource on the Internet. Likewise, the information on tuning the Windows network stack in the MS Platforms section of this site is unique and does not appear anywhere else in this form.

I won't pour out empty words; let's get down to business.

I suggest making the following changes to your iptables tables:

iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "Stealth scan: 0 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "Stealth scan: 1 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "Stealth scan: 2 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "Stealth scan: 3 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "Stealth scan: 4 DROP"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "Stealth scan: 5 DROP"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-prefix "6 Stealth scan"
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH PSH -j LOG --log-prefix "7 Abnormal steal"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG URG -j LOG --log-prefix "8 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK FIN -j LOG --log-prefix "9 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK NONE -j LOG --log-prefix "10 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK NONE -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH -j LOG --log-prefix "11 Abnormal sc$
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH -j LOG --log-prefix "12 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-prefix "13 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j LOG --log-prefix "14 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-prefix "15 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j LOG --log-prefix "16 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
# Rule 17 (and rule 19, which names the same flags in a different order) means "SYN set, ACK/FIN/RST clear".
# That is exactly what iptables' --syn matches: every ordinary connection request. Loading these two
# would drop all new inbound TCP connections, so they are left commented out.
# iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j LOG --log-prefix "17 Abnormal scan"
# iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,URG SYN,URG -j LOG --log-prefix "18 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,URG SYN,URG -j DROP
# iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "19 Abnormal scan"
# iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,PSH SYN,FIN,PSH -j LOG --log-prefix "20 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,PSH SYN,FIN,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j LOG --log-prefix "21 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j LOG --log-prefix "22 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,PSH -j LOG --log-prefix "23 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,ACK,PSH -j LOG --log-prefix "24 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,ACK,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j LOG --log-prefix "25 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j LOG --log-prefix "26 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST,ACK -j LOG --log-prefix "27 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ACK,PSH,RST -j LOG --log-prefix "28 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ACK,PSH,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "29 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
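Before loading a list like this, it is worth checking mechanically which DROP rules would also catch traffic a normal TCP session produces. The following is an added example (my own code, not part of the original post): it parses rule lines written in the form used above, applies the iptables --tcp-flags semantics (of the flags named in the first list, exactly those in the second list must be set, all others in the first list clear), audits every DROP rule against a constructed set of legitimate flag combinations, and can also tell which LOG prefix a packet with given flags would fire. The sample rules are copied from the list; the set of legitimate combinations, the function names and the regular expression are my assumptions.

```python
import re

# TCP header flag bits, with the names iptables uses in --tcp-flags.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_FLAGS = sum(FLAG_BITS.values())  # what the keyword ALL expands to


def flags_to_int(spec):
    """Turn an iptables flag list ('SYN,FIN', 'ALL', 'NONE') into a bitmask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    return sum(FLAG_BITS[name] for name in spec.split(","))


# Shape of the rules above: '... --tcp-flags MASK COMP ... -j TARGET [--log-prefix "..."]'
RULE_RE = re.compile(
    r'--tcp-flags\s+(\S+)\s+(\S+).*?-j\s+(LOG|DROP)(?:\s+--log-prefix\s+"([^"]*)")?'
)


def parse_rule(line):
    """Return mask/comp/target/prefix for one iptables line, or None if it is not a flag rule."""
    m = RULE_RE.search(line)
    if not m:
        return None
    mask, comp, target, prefix = m.groups()
    return {"mask": flags_to_int(mask), "comp": flags_to_int(comp),
            "target": target, "prefix": prefix, "line": line.strip()}


def rule_matches(rule, flags):
    """iptables --tcp-flags semantics: among the MASK bits, exactly the COMP bits are set."""
    return (flags & rule["mask"]) == rule["comp"]


# Constructed: flag combinations a well-behaved peer sends during a normal TCP session.
LEGITIMATE = {
    "SYN": 0x02, "SYN/ACK": 0x12, "ACK": 0x10, "PSH/ACK": 0x18,
    "FIN/ACK": 0x11, "FIN/PSH/ACK": 0x19, "RST": 0x04, "RST/ACK": 0x14,
}


def audit(rule_lines, legitimate=LEGITIMATE):
    """Map each DROP rule (by its line) to the legitimate combinations it would silently drop."""
    findings = {}
    for line in rule_lines:
        rule = parse_rule(line)
        if rule is None or rule["target"] != "DROP":
            continue
        hits = [name for name, bits in legitimate.items() if rule_matches(rule, bits)]
        if hits:
            findings[rule["line"]] = hits
    return findings


def classify(flags, rule_lines):
    """First-match walk like the INPUT chain: the log prefix of the first LOG rule that
    matches a packet with these flags, or None when no rule in the list matches."""
    for line in rule_lines:
        rule = parse_rule(line)
        if rule and rule["target"] == "LOG" and rule_matches(rule, flags):
            return rule["prefix"]
    return None


# Constructed sample: a few rule pairs copied verbatim from the list above.
SAMPLE_RULES = [
    'iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "Stealth scan: 0 DROP "',
    'iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP',
    'iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "Stealth scan: 5 DROP"',
    'iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP',
    'iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j LOG --log-prefix "16 Abnormal scan"',
    'iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP',
    'iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j LOG --log-prefix "17 Abnormal scan"',
    'iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP',
    'iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j LOG --log-prefix "26 Abnormal scan"',
    'iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j DROP',
]

if __name__ == "__main__":
    for line, hits in audit(SAMPLE_RULES).items():
        print("would drop legitimate", ", ".join(hits), "<-", line)
    print("SYN/FIN probe ->", classify(0x03, SAMPLE_RULES))
```

Run against the sample, the audit flags rule 17 (it matches a plain SYN, the ordinary connection request) and rule 26 (it matches a bare RST), while the null-scan, SYN/FIN and PSH-without-ACK rules match nothing legitimate. Feed the whole list in and the same function tells you which lines to keep, reorder or drop.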

That is the whole list. It could be extended with a few more flag combinations, but they would break the normal operation of your penguin's network stack and are only usable on a host that sits behind dedicated network intrusion detection and prevention systems, so I do not include them.

Two practical notes before you load the list. Order matters: appended with -A, these rules only see packets that no earlier rule has already accepted, so an ESTABLISHED,RELATED accept placed above them passes anything conntrack recognises as part of a flow. That is where rules 26 and 27 belong, because they match bare RST and RST/ACK segments, which a peer sends legitimately to refuse or abort a connection; keep them after your ESTABLISHED,RELATED accept rule (or leave them out) and watch the log prefixes for a few days before trusting the DROP lines. Rules 6 and 25 are identical, as are 0 and 29; the duplicates are harmless. On a host reachable from the Internet, put -m limit --limit 5/min in front of -j LOG so a flood of junk packets cannot fill the kernel log.

It is also worth remembering the network-stack tuning options exposed through sysctl, which are far richer than what the MS Windows network stack offers. With sysctl you can harden your default Tux even further.

I promise to delight you with something more in the future.

Good luck, and until next time!