I want to add some rules to my iptables to prevent port scanning. How can I do this?
I found some solutions, but they're not efficient.
2 Answers
3
The best bet is having a default drop policy in iptables and then only allowing what's required. Something like:
# Drop all packets by default.
iptables -P INPUT DROP
# Allow preexisting connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH from 192.0.2.0/24
iptables -A INPUT -p tcp -s 192.0.2.0/24 --destination-port 22 -i eth0 -j ACCEPT
# Allow HTTP from all
iptables -A INPUT -p tcp --destination-port 80 -i eth0 -j ACCEPT
It won't stop people from doing port scans, but it will mean that all they'll see is port 80 open.
Niall Donegan
It didn't do what I want :(. Your solution forces me to open specific ports. – Amirreza Mar 12 '11 at 05:24
There's no way to block port scans specifically without blocking legitimate traffic. All you can do is make sure that as little as possible is open to the public and that it's well secured. The above script does a default "DROP" rather than "REJECT". A "REJECT" would tell the port scanner that the port is closed straight away. The DROP wastes their time by making the scanner wait a certain amount of time before moving on to another port. – Niall Donegan Mar 12 '11 at 12:05
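As an added example (not code from the answer above), here is the same default-DROP approach written out as a complete ruleset in iptables-restore format, with two additions a practitioner usually wants: a loopback accept, and a rate-limited LOG rule just before the policy DROP so a scan is visible in the kernel log without letting the scanner flood it. The interface (eth0), the admin subnet (192.0.2.0/24, an RFC 5737 documentation range) and the ports are placeholders taken as defaults; pass your own as arguments.

```shell
#!/bin/sh
# gen_rules [ADMIN_NET] [IFACE]
# Emits a complete filter table for iptables-restore. Apply with:
#     gen_rules 192.0.2.0/24 eth0 | iptables-restore
# Defaults are placeholders (assumed for this example), not values from the original answer.
gen_rules() {
    admin_net="${1:-192.0.2.0/24}"   # network allowed to reach SSH
    iface="${2:-eth0}"               # public interface
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: local services (resolvers, databases, monitoring) depend on it
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened, plus related ICMP errors
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot attribute to any connection: stray ACK/RST probes, bogus flag combinations
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH only from the admin network
-A INPUT -i ${iface} -p tcp -s ${admin_net} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# HTTP from anywhere
-A INPUT -i ${iface} -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# log what is about to fall through to the policy, at most 5 lines/min (burst 10), so a scan shows up in syslog
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables-drop: " --log-level 4
# everything else hits the chain policy: DROP, not REJECT, so the scanner has to wait out its own timeout
COMMIT
EOF
}
```

The LOG rule is the practical answer to "how do I see that I am being scanned" once you accept that you cannot block the scan itself: one burst of `iptables-drop:` lines from a single source across many destination ports is the signature. Keep the limit in place; without it a fast scan can write thousands of lines per second to the kernel log.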
0
For nmap port scanning, you can check the following answer: iptables Tips & Tricks
I'm not familiar with Hping, but if Hping uses NULL flags, the answer I've linked above should also work.
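As an added example (not taken from either answer or from the linked post), here is what rules against NULL, Xmas and SYN/FIN probes typically look like, together with a small evaluator that applies the same test iptables uses for `--tcp-flags MASK COMP` (match when `flags & MASK == COMP`) to a TCP flags byte. That lets you check what a rule will and will not match before loading it; the flag bit values are the standard ones from the TCP header, and the probe types named in the comments are nmap's `-sN`, `-sX` and `-sF`.

```shell
#!/bin/sh
# TCP flag bits as laid out in the 8-bit flags field of the TCP header
FIN=1; SYN=2; RST=4; PSH=8; ACK=16; URG=32
ALL=$((FIN|SYN|RST|PSH|ACK|URG))

# Print the drop rules. Insert them at the top of INPUT, before any ACCEPT.
bogus_flag_rules() {
    cat <<'EOF'
# NULL scan (nmap -sN): no flags set at all
iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Xmas scan (nmap -sX): FIN, PSH and URG lit, nothing else
iptables -I INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# every flag set: never legitimate
iptables -I INPUT -p tcp --tcp-flags ALL ALL -j DROP
# SYN and FIN together never occur in a real handshake
iptables -I INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# FIN without ACK (nmap -sF): a real FIN always carries ACK
iptables -I INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP
EOF
}

# tcp_flags_match FLAGS MASK COMP
# Succeeds exactly when iptables' "--tcp-flags MASK COMP" would match a packet with FLAGS.
tcp_flags_match() {
    [ $(( $1 & $2 )) -eq "$3" ]
}

# classify FLAGS -> name of the first rule above that would drop the packet, or "pass"
classify() {
    f="$1"
    if   tcp_flags_match "$f" "$ALL" 0;                       then echo NULL
    elif tcp_flags_match "$f" "$ALL" $((FIN|PSH|URG));        then echo XMAS
    elif tcp_flags_match "$f" "$ALL" "$ALL";                  then echo ALL-SET
    elif tcp_flags_match "$f" $((SYN|FIN)) $((SYN|FIN));      then echo SYN-FIN
    elif tcp_flags_match "$f" $((FIN|ACK)) "$FIN";            then echo FIN-ONLY
    else echo pass
    fi
}
```

Two caveats. First, with the default-DROP policy from the accepted answer these packets are dropped anyway, and `-m conntrack --ctstate INVALID -j DROP` catches most of them as well; the explicit rules mainly buy you a distinct counter or log prefix per probe type. Second, a plain SYN scan (nmap's default `-sS`) uses perfectly valid flags, so no flag rule will ever tell it apart from a real connection attempt, which is the point made in the first answer's comments.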