iptables and nmap scan
Xander Soldaat
Xander@Soldaat.com
Wed, 09 Feb 2000 22:03:36 +0100
Hi there,
This is my first post to this list.
I haven't been using iptables for all that long but something I noticed
is that with all firewall policies set to DROP, an nmap scan will still
reveal a lot of info about the target host. (using -sN)
I did some tcpdumps and noticed that the packets that came in on that
NIC had no flags set.
Would it be possible to block such scans by blocking any and all packets
that do not have a flag set and do not belong to an already established
connection? I assume this would be feasible with the ip_conntrack or
ipt_state module or something.
I am by no means an expert in this field, but I thought I'd throw in my
2 cents' worth.
Sincerely,
Xander
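The rule set the post is asking about, as an added example that is not part of the original message and not something the author or the netfilter project supplied. It assumes an iptables build with the tcp flags match and the ipt_state match (`-m state`) available, and that the chain's default policy is DROP as described in the post. `null_scan_rules` only prints the rules (it does not need root); `verdict` emulates how `--tcp-flags MASK COMP` (match when flags AND MASK equals COMP) and `! --syn` together decide a segment's fate, so the logic can be checked offline against constructed flag combinations such as an nmap NULL (`-sN`) probe.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the iptables tcp flags
# match and the ipt_state (-m state) match are available.

# Print the rules for a chain (INPUT by default). First drop TCP segments with
# no flags at all (the nmap -sN NULL probe), then drop any non-SYN segment
# that conntrack does not already know (the "new but not SYN" case), and
# finally accept traffic belonging to tracked connections.
null_scan_rules() {
    chain="${1:-INPUT}"
    cat <<EOF
iptables -A $chain -p tcp --tcp-flags ALL NONE -j DROP
iptables -A $chain -p tcp ! --syn -m state --state NEW -j DROP
iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# TCP header flag bits (RFC 793 control bits), used to build test inputs.
FIN=1; SYN=2; RST=4; PSH=8; ACK=16; URG=32
ALL=63

# Emulate --tcp-flags MASK COMP: the rule matches when (flags & MASK) == COMP.
tcp_flags_match() {
    flags=$1; mask=$2; comp=$3
    [ $(( flags & mask )) -eq "$comp" ]
}

# Walk a segment through the rules above. Arguments: the flags bitmask and
# 1 if conntrack already tracks the connection, 0 if not (state NEW).
# Prints DROP, ACCEPT, or POLICY when no rule matched (the chain's default
# policy, DROP in the post's setup, then applies).
verdict() {
    flags=$1; tracked=$2
    # Rule 1: --tcp-flags ALL NONE, i.e. no control bit set at all.
    if tcp_flags_match "$flags" $ALL 0; then
        echo DROP; return
    fi
    # Rule 2: --syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN;
    # "! --syn" with state NEW drops untracked segments that are not a
    # plain connection request.
    if [ "$tracked" -eq 0 ] && \
       ! tcp_flags_match "$flags" $(( SYN | RST | ACK | FIN )) $SYN; then
        echo DROP; return
    fi
    # Rule 3: segments of an already tracked connection are accepted.
    if [ "$tracked" -eq 1 ]; then
        echo ACCEPT; return
    fi
    echo POLICY
}

# Show the rules and a few constructed probes when run directly.
null_scan_rules INPUT
echo "NULL probe (no flags), untracked:  $(verdict 0 0)"
echo "ACK probe, untracked:              $(verdict $ACK 0)"
echo "XMAS probe (FIN/PSH/URG), untracked: $(verdict $(( FIN | PSH | URG )) 0)"
echo "plain SYN, untracked:              $(verdict $SYN 0)"
echo "ACK on tracked connection:         $(verdict $ACK 1)"
```

A plain SYN to a port with no ACCEPT rule still falls through to the chain policy, so the second rule does not replace the DROP policy; it only stops the flag tricks that conntrack of that era would otherwise classify as NEW.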