widyachacra wrote:
Dear List friends,
When I scan my own domain from an outside host using the 'nmap' tool it
shows the following results. How do I block this kind of tracing using
Linux? Please help me.
You don't. There's no difference between a scanner connecting to a particular
port to determine if something is listening on it and a legitimate user connecting
to that port in order to use that service. However, there are various ways to
slow it down.
The "easiest" method is to just use -P DROP on your INPUT chain in iptables,
which causes iptables to simply drop any incoming packets that aren't explicitly
allowed, which means that the person on the other end has to wait for the TCP
timeout for each packet sent instead of immediately getting a "there's nothing
here" response.
Another way is with iptables' limit module. It allows you to only allow a
certain number of new connection attempts (or any other kind of packet) from a
certain host (or group of hosts) within a certain time period. This will have a
similar effect to the previous method.
The only truly effective way (that I'm aware of) to prevent these port scans is
to have no ports open to scan.
--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
--
[email protected] mailing list
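The two slow-down techniques from the reply above (a default-DROP INPUT policy and a rate limit on new connection attempts) as one script. This is an added example, not a ruleset from the thread or from Gentoo; it assumes TCP ports 22 and 80 are the services you want to keep reachable, and the rate values are illustrative. It uses `hashlimit` keyed by source address, because the plain `limit` match is a single global bucket rather than a per-host one.

```shell
#!/bin/sh
# Added example (not from the original post). Builds an iptables INPUT chain
# with a DROP policy so unlisted ports never answer, plus a per-source limit
# on NEW connections to the allowed ports. Assumed values, adjust to taste.
set -eu

ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 80}"   # assumption: services to expose
NEW_CONN_RATE="${NEW_CONN_RATE:-10/minute}"       # illustrative rate per source IP
NEW_CONN_BURST="${NEW_CONN_BURST:-5}"

# Print the ruleset one command per line instead of executing it, so the
# rules can be reviewed or diffed before they touch a live firewall.
gen_rules() {
  cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
  for p in $ALLOWED_TCP_PORTS; do
    # Only SYN (NEW) packets are rate limited; established flows were accepted
    # above. A source that exceeds the rate stops matching this rule and its
    # packets fall through to the DROP policy, so it waits for a timeout
    # instead of getting an immediate RST or SYN/ACK.
    echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW" \
         "-m hashlimit --hashlimit-name new_$p --hashlimit-mode srcip" \
         "--hashlimit-upto $NEW_CONN_RATE --hashlimit-burst $NEW_CONN_BURST -j ACCEPT"
  done
  # No final REJECT rule on purpose: the chain policy (DROP) handles the rest.
}

# Sanity check: number of per-port ACCEPT rules the generator emits.
count_port_rules() {
  gen_rules | grep -c -e '--dport'
}

# Apply the rules only when explicitly asked; requires root and iptables.
apply_rules() {
  gen_rules | while IFS= read -r cmd; do
    eval "$cmd"
  done
}

if [ "${IPT_APPLY:-0}" = "1" ]; then
  apply_rules
else
  gen_rules
fi
```

Run it as-is to review the generated commands; run with `IPT_APPLY=1` as root to load them.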