Defeating NMAP Null scans (and Nessus scans).
alexeyt at freeshell.org
Wed Jun 22 22:37:02 CEST 2005
On Wed, 22 Jun 2005, Taylor, Grant wrote:
> # Drop any Null scan packets.
> iptables -t filter -A FORWARD -i $INet -o $LAN -p tcp --tcp-flags ALL NONE -j DROP
> # We could put any matches for any other type of scan that we wanted to here too.
> # Allow any stateful traffic back in.
> iptables -t filter -A FORWARD -i $INet -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
TCP packets without flags are possible during a normal TCP connection, you
don't want to drop them. --state ESTABLISHED,RELATED would never let in
NULL scans anyway, because a NULL scan won't establish a valid TCP
connection before it sends flagless packets.
More information about the netfilter