Defeating NMAP Null scans (and Nessus scans).
Kirk
kirk at nuk.teteny.elte.hu
Thu Jun 30 11:47:25 CEST 2005
>>>>
>>>> what we want is for the firewall to be imune to invalid packets
>>>> generated by
>>>> these kinds of scans, yes? to not give out port information when
>>>> hits with
>>>
hi
i'm using an alternate method to be a bit immune to these scans, i've found it about a year ago googling ;)
it isn't matches on syn/other flags, it requires that the packet must hava the 2 tcp option ;)
and it's working fine, all operating systems are sending they mtu in the syn packet only
$ipt -p tcp --tcp-option ! 2 -j DROP #REJECT --reject-with tcp-reset
kirk
More information about the netfilter
mailing list