
My recipe for detecting and blocking abnormal scans with iptables on Linux

20 Jul

I haven't written anything for a long time; I want to make up for that.

Today the topic is detecting and blocking abnormal TCP scans with iptables on Linux.

Since the recipes from my blog are reused without naming me as the primary source (and without links to my articles), and the copies are, on top of that, posted with backdated timestamps, I promise that this is the last of my help to you, fans of plagiarism.

The rules described below were collected by me from various non-Russian-language sources, but all together, in the form in which I present them here, you will not find them on any single resource on the Internet. Likewise, the information on tuning the Windows network stack in the MS Platforms section of this site is unique and does not appear anywhere else in that form.

I will not waste words; let's get down to business.

I suggest adding the following rules to your iptables configuration. Each "--tcp-flags MASK COMP" match looks only at the flags named in MASK and fires when, of those, exactly the flags named in COMP are set; ALL stands for FIN,SYN,RST,PSH,ACK,URG and NONE for no flags at all:

iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "Stealth scan: 0 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "Stealth scan: 1 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "Stealth scan: 2 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "Stealth scan: 3 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "Stealth scan: 4 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "Stealth scan: 5 DROP "
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-prefix "6 Stealth scan"
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH PSH -j LOG --log-prefix "7 Abnormal steal"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG URG -j LOG --log-prefix "8 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK FIN -j LOG --log-prefix "9 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK NONE -j LOG --log-prefix "10 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK NONE -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH -j LOG --log-prefix "11 Abnormal sc"   # prefix is cut off in the source listing
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH SYN,FIN,URG,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH -j LOG --log-prefix "12 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,ACK,URG,PSH FIN,URG,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-prefix "13 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j LOG --log-prefix "14 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-prefix "15 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j LOG --log-prefix "16 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
# Rules 17 and 19 are commented out: "SYN set, ACK/FIN/RST clear" is exactly the match behind --syn,
# i.e. every legitimate connection request, so loading them as DROP rules would reject all new inbound TCP connections.
#iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j LOG --log-prefix "17 Abnormal scan"
#iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,URG SYN,URG -j LOG --log-prefix "18 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,URG SYN,URG -j DROP
#iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "19 Abnormal scan"
#iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,PSH SYN,FIN,PSH -j LOG --log-prefix "20 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,PSH SYN,FIN,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j LOG --log-prefix "21 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j LOG --log-prefix "22 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,PSH -j LOG --log-prefix "23 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,ACK,PSH -j LOG --log-prefix "24 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,ACK,PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j LOG --log-prefix "25 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j LOG --log-prefix "26 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST,ACK -j LOG --log-prefix "27 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ACK,PSH,RST -j LOG --log-prefix "28 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ACK,PSH,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "29 Abnormal scan"
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
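Before loading a list like this it is worth checking offline which rule, if any, each kind of packet would hit. The script below is an added example and not code from the original post: it re-implements the kernel's --tcp-flags test ((flags & MASK) == COMP) in Python, transcribes the thirty MASK/COMP pairs from the listing, and runs constructed sample packets (normal handshake traffic and the classic nmap stealth scans) through them in chain order.

```python
"""Offline model of the iptables --tcp-flags match, used to audit the rule list above.

Added example, not code from the original post.  The RULES table is transcribed
from the listing; the sample packets are constructed here.
"""
from typing import Dict, List, Optional, Tuple

# TCP flag bits as laid out in the header (same values as Linux's TCPHDR_*).
FLAG_BITS: Dict[str, int] = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20,
}
ALL_FLAGS = sum(FLAG_BITS.values())  # 0x3f, what iptables calls ALL


def flags_to_bits(spec: str) -> int:
    """Translate an iptables flag list ("SYN,ACK", "ALL", "NONE") into a bitmask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= FLAG_BITS[name]  # an unknown name raises, as iptables would reject it
    return bits


def tcp_flags_match(mask: str, comp: str, packet_flags: str) -> bool:
    """True when '-p tcp --tcp-flags MASK COMP' matches a packet carrying packet_flags.

    Only the bits named in MASK are examined; of those, exactly the ones named in
    COMP must be set.  Flags outside MASK are ignored entirely.
    """
    return (flags_to_bits(packet_flags) & flags_to_bits(mask)) == flags_to_bits(comp)


# (MASK, COMP) of the thirty LOG/DROP pairs, indexed by the number in their log prefix.
RULES: List[Tuple[str, str]] = [
    ("ALL", "NONE"),                                 # 0  NULL scan
    ("ALL", "ALL"),                                  # 1  every flag set
    ("ALL", "FIN,URG,PSH"),                          # 2  Xmas scan
    ("ALL", "SYN,RST,ACK,FIN,URG"),                  # 3
    ("SYN,RST", "SYN,RST"),                          # 4
    ("SYN,FIN", "SYN,FIN"),                          # 5
    ("FIN,ACK", "FIN"),                              # 6  FIN without ACK
    ("SYN,FIN,RST,ACK,URG,PSH", "PSH"),              # 7
    ("SYN,FIN,RST,ACK,URG", "URG"),                  # 8
    ("SYN,FIN,RST,ACK", "FIN"),                      # 9
    ("SYN,FIN,RST,ACK", "NONE"),                     # 10
    ("SYN,FIN,RST,ACK,URG,PSH", "SYN,FIN,URG,PSH"),  # 11
    ("SYN,FIN,RST,ACK,URG,PSH", "FIN,URG,PSH"),      # 12
    ("ACK,URG", "URG"),                              # 13
    ("ALL", "FIN"),                                  # 14
    ("FIN,RST", "FIN,RST"),                          # 15
    ("ACK,PSH", "PSH"),                              # 16
    ("SYN,ACK,FIN,RST", "SYN"),                      # 17 identical to --syn (normal SYN)
    ("SYN,URG", "SYN,URG"),                          # 18
    ("FIN,SYN,RST,ACK", "SYN"),                      # 19 same match as 17
    ("SYN,FIN,PSH", "SYN,FIN,PSH"),                  # 20
    ("SYN,FIN,RST", "SYN,FIN,RST"),                  # 21
    ("SYN,FIN,RST,PSH", "SYN,FIN,RST,PSH"),          # 22
    ("ALL", "SYN,PSH"),                              # 23
    ("ALL", "SYN,ACK,PSH"),                          # 24
    ("ACK,FIN", "FIN"),                              # 25 same match as 6
    ("ALL", "RST"),                                  # 26
    ("ALL", "RST,ACK"),                              # 27
    ("ALL", "ACK,PSH,RST"),                          # 28
    ("FIN,SYN,RST,PSH,ACK,URG", "NONE"),             # 29 same match as 0
]


def matching_rules(packet_flags: str) -> List[int]:
    """Every rule number whose match would fire on this packet, in chain order."""
    return [i for i, (mask, comp) in enumerate(RULES)
            if tcp_flags_match(mask, comp, packet_flags)]


def first_match(packet_flags: str) -> Optional[int]:
    """The rule that actually logs and drops the packet (None: it passes the whole list).

    DROP is terminating, so only the first matching pair ever sees the packet and
    only that pair's LOG line is written.
    """
    hits = matching_rules(packet_flags)
    return hits[0] if hits else None


# Constructed sample packets: flag combination -> what it is in practice.
SAMPLE_PACKETS: Dict[str, str] = {
    "SYN":         "normal connection request",
    "SYN,ACK":     "normal handshake reply",
    "ACK":         "normal segment on an established connection",
    "FIN,ACK":     "normal close (also nmap -sM Maimon scan)",
    "RST,ACK":     "normal reset from a closed port",
    "NONE":        "nmap -sN NULL scan",
    "FIN":         "nmap -sF FIN scan",
    "FIN,PSH,URG": "nmap -sX Xmas scan",
}


def audit() -> Dict[str, Optional[int]]:
    """Map each sample packet to the rule that drops it."""
    return {flags: first_match(flags) for flags in SAMPLE_PACKETS}


if __name__ == "__main__":
    for flags, what in SAMPLE_PACKETS.items():
        hit = first_match(flags)
        verdict = "passes" if hit is None else f"dropped by rule {hit}, all hits {matching_rules(flags)}"
        print(f"{flags:12} {what:44} {verdict}")
```

Running it shows two things the listing alone does not: a bare SYN is dropped by rule 17 (rule 19 never even sees it), and a FIN,ACK probe passes all thirty rules because its flags are indistinguishable from a normal close. Flag matching cannot separate a Maimon scan from legitimate teardown; that is a job for connection tracking (-m conntrack --ctstate INVALID), not for --tcp-flags.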

As you can see, that is only thirty rules (numbered 0 to 29 in the log prefixes). The list could be extended with several more, but those would break the normal operation of your penguin's network stack and can only be used on a host that also runs network intrusion detection and prevention tooling, so I am not giving them here.

A few caveats before loading the list as it stands. Rules 17 and 19 (mask SYN,ACK,FIN,RST, compare SYN) match exactly the flag combination of a normal connection request, the same packets that --syn selects, so loaded as DROP rules they reject every new inbound TCP connection and must be left out. Rules 26 and 27 (ALL RST and ALL RST,ACK) also catch legitimate resets: a peer that aborts a connection, or a closed port you connect to, answers with RST or RST,ACK, and dropping those turns an immediate failure into a timeout. The rules are appended with -A, so if INPUT already accepts ESTABLISHED,RELATED traffic earlier in the chain, packets in those states never reach them. And a LOG rule without -m limit lets a single scanner fill the kernel log, so rate-limit the LOG lines before the DROP.
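The LOG rules only help if somebody reads what they write. The script below is an added example, not code from the original post: it parses kernel log lines in the format the iptables LOG target produces (the --log-prefix, then IN=/OUT=/SRC=/DST=/PROTO=/SPT=/DPT= and the set TCP flags as bare words before URGP=), aggregates them per source address, and reports sources that probed several distinct ports. The sample lines are constructed; the hostname is invented and the addresses are from the RFC 5737 documentation ranges.

```python
"""Turn the kernel log lines written by the LOG rules above into a per-source scan report.

Added example, not code from the original post.  SAMPLE_LOG is constructed to
follow the iptables LOG target's output format.
"""
import re
from typing import Dict, List, Optional

# One regex for the fields we need; everything else on the line is skipped with .*?
LOG_RE = re.compile(
    r"kernel: (?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)IN=\S* .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
    r"(?: WINDOW=\d+ RES=0x[0-9a-f]+ "
    r"(?P<flags>(?:(?:CWR|ECE|URG|ACK|PSH|RST|SYN|FIN) )*)URGP=\d+)?"
)


def _log_line(sec: int, prefix: str, src: str, spt: int, dpt: int, flags: str = "") -> str:
    """Build a constructed syslog line in the LOG target's format (flags as bare words)."""
    flag_words = flags + " " if flags else ""
    return (f"Jul 20 10:15:3{sec} web1 kernel: [8421{sec}.117260] {prefix} IN=eth0 OUT= "
            f"MAC=00:16:3e:5a:1b:2c:00:25:90:ab:cd:ef:08:00 SRC={src} DST=192.0.2.10 LEN=40 "
            f"TOS=0x00 PREC=0x00 TTL=52 ID=0 PROTO=TCP SPT={spt} DPT={dpt} "
            f"WINDOW=1024 RES=0x00 {flag_words}URGP=0")


SAMPLE_LOG: List[str] = [
    # one host sweeping four ports with NULL packets (rule 0)
    _log_line(2, "Stealth scan: 0 DROP", "203.0.113.7", 41234, 22),
    _log_line(3, "Stealth scan: 0 DROP", "203.0.113.7", 41235, 80),
    _log_line(4, "Stealth scan: 0 DROP", "203.0.113.7", 41236, 443),
    _log_line(5, "Stealth scan: 0 DROP", "203.0.113.7", 41237, 8080),
    # a single Xmas probe (rule 2) from another host
    _log_line(6, "Stealth scan: 2 DROP", "198.51.100.23", 55001, 443, "FIN PSH URG"),
    # an unrelated kernel message that must be ignored
    "Jul 20 10:15:37 web1 kernel: [84217.338001] usb 1-1: new high-speed USB device number 3 using xhci_hcd",
]


def parse_log_line(line: str) -> Optional[Dict]:
    """Extract prefix, rule number, addresses, ports and flags; None for non-LOG lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    prefix = m.group("prefix").strip()
    num = re.search(r"\d+", prefix)  # the rule number embedded in the --log-prefix
    return {
        "prefix": prefix,
        "rule": int(num.group()) if num else None,
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "spt": int(m.group("spt")) if m.group("spt") else None,
        "dpt": int(m.group("dpt")) if m.group("dpt") else None,
        "flags": (m.group("flags") or "").split(),
    }


def summarize(lines: List[str]) -> Dict[str, Dict]:
    """Per source address: packet count, distinct destination ports, rules that fired."""
    report: Dict[str, Dict] = {}
    for line in lines:
        ev = parse_log_line(line)
        if ev is None or ev["proto"] != "TCP":
            continue
        entry = report.setdefault(ev["src"], {"packets": 0, "ports": set(), "rules": set()})
        entry["packets"] += 1
        if ev["dpt"] is not None:
            entry["ports"].add(ev["dpt"])
        if ev["rule"] is not None:
            entry["rules"].add(ev["rule"])
    return report


def suspected_scanners(lines: List[str], min_ports: int = 3) -> List[str]:
    """Sources that hit at least min_ports distinct ports.

    One malformed packet can be a broken stack or a middlebox; a sweep across
    several ports is a scan, so the threshold is on distinct ports, not packets.
    """
    return sorted(src for src, e in summarize(lines).items() if len(e["ports"]) >= min_ports)


if __name__ == "__main__":
    for src, e in summarize(SAMPLE_LOG).items():
        print(f"{src:16} packets={e['packets']} ports={sorted(e['ports'])} rules={sorted(e['rules'])}")
    print("suspected scanners:", suspected_scanners(SAMPLE_LOG))
```

Point it at the real log with `summarize(open("/var/log/kern.log").read().splitlines())` and raise min_ports for a busy host; the flags field is what lets you tell a NULL sweep from an Xmas sweep when the prefixes have been shortened or reused.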

It is also worth remembering the means of tuning the network stack through sysctl, which are far richer than what the MS Windows network stack offers. With sysctl you can harden your stock Tux even further.

I promise to please you with something more in the future.

Good luck, and until next time!
