ACK scanning question ipchains/iptables

Sam Vaughan yamaneko@centurytel.net
Wed, 11 Jul 2001 17:15:14 -0700 (PDT)


Hello,
	I have been doing some testing on an ipchains/iptables firewall
lately and I have a question regarding ACK scans and their effect on
firewalls, such as with nmap -sA.

Let's say you have a firewall ruleset in which no
incoming connections are allowed except TCP reply packets,
for example:
ipchains -A input -p tcp ! -y -i $PPPint -d $PPPip/32 1024:65535 -j ACCEPT

As you know, once a packet like the one above is received, an RST is
sent in response.  This can help determine if a firewall is up and which
ports are allowing established connections in, etc.  To my knowledge,
you can deter this with stateful rules, but I was wondering, for
those of us that still have an ipchains firewall running, what security
ramifications does this have other than the mapping of your ports? Can an
attacker do something more than this?



Thanks in advance,
Sam
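The following is an added illustration, not part of Sam's post: a small Python model of why the stateless `! -y` rule quoted above answers unsolicited ACK probes while a connection-tracking rule (the iptables `-m state --state ESTABLISHED` style Sam alludes to) does not. The addresses, ports and the `ConnTracker` class are constructed for the demo; the model only captures the header checks and the RFC 793 behaviour that an ACK segment belonging to no connection is answered with RST whether or not the port is listening, which is exactly what lets a scanner tell "unfiltered" from "filtered" ports.

```python
from dataclasses import dataclass

FW_IP = "203.0.113.10"     # constructed firewall PPP address (documentation range)
SCANNER = "198.51.100.7"   # constructed remote host sending probes
WEB_SERVER = "192.0.2.80"  # constructed host the firewall legitimately talks to


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "RST", "FIN"}


def tcp(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_syn_only(pkt):
    """ipchains '-y' matches SYN set with ACK clear; '! -y' is its negation."""
    return "SYN" in pkt.flags and "ACK" not in pkt.flags


def stateless_accept(pkt):
    """Models: ipchains -A input -p tcp ! -y -d $PPPip/32 1024:65535 -j ACCEPT
    Only the packet's own header is inspected; there is no memory of earlier traffic,
    so any non-SYN packet to a high port is accepted, solicited or not."""
    return (pkt.dst == FW_IP and 1024 <= pkt.dport <= 65535
            and not is_syn_only(pkt))


class ConnTracker:
    """Minimal (hypothetical) model of connection tracking, in the spirit of
    iptables -m state --state ESTABLISHED: replies are accepted only for
    connections the firewall itself initiated."""

    def __init__(self):
        self._expected = set()  # (src, sport, dst, dport) tuples of permitted replies

    def note_outbound(self, pkt):
        # An outbound SYN from the firewall legitimises replies from that peer/port pair.
        if pkt.src == FW_IP and is_syn_only(pkt):
            self._expected.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def stateful_accept(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self._expected


def probe_outcome(probe, accept_fn):
    """What the sender of an unsolicited ACK observes: 'RST' if the filter passed the
    segment to the TCP stack (nmap calls the port 'unfiltered'), None if it was
    dropped silently (nmap calls it 'filtered')."""
    if accept_fn(probe) and "ACK" in probe.flags:
        return "RST"
    return None


def demo():
    tracker = ConnTracker()
    # Legitimate outbound connection from the firewall host, e.g. fetching a web page.
    tracker.note_outbound(tcp(FW_IP, 40000, WEB_SERVER, 80, "SYN"))
    reply = tcp(WEB_SERVER, 80, FW_IP, 40000, "SYN", "ACK")
    # An unsolicited ACK to an arbitrary high port, the kind of probe the post describes.
    probe = tcp(SCANNER, 55555, FW_IP, 2000, "ACK")
    return {
        "reply_passes_stateless": stateless_accept(reply),
        "reply_passes_stateful": tracker.stateful_accept(reply),
        "probe_seen_stateless": probe_outcome(probe, stateless_accept),
        "probe_seen_stateful": probe_outcome(probe, tracker.stateful_accept),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both filters let the genuine SYN/ACK reply through, but only the stateless rule lets the unsolicited ACK reach the stack, where it earns an RST and thereby confirms that ports 1024-65535 are reachable through the firewall. The stateful model drops it with no response, which is the mitigation the post mentions.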