begin quote On Tue, 05 Aug 2003 14:55:31 -0500 "Mike Bellemare" <[EMAIL PROTECTED]> wrote:
>
> hi
> I've built myself a firewall with iptables.
> it's working great and all, except that using nmap to check how to see
> if i could see some difference on the OS detection option, and it's
> doing none.
>
> Remote operating system guess: Linux kernel 2.4.18 - 2.4.20 (X86)
> as i read somewhere on the internet, it's more secure if you're hiding
> the OS running on the web server. Does anyone know how to block my
> server from delivering such information?

Nope, there is no such unless you do

  iptables -t nat -A PREROUTING -i outside_interface -m state --state ESTABLISHED --jump ACCEPT
  iptables -t nat -A PREROUTING -i outside_interface -m state --state RELATED --jump ACCEPT
  iptables -t nat -A PREROUTING -i outside_interface --jump DROP

Which should drop most things, even empty SYN or RST packets.
(prerouting is done before anything, even INPUT.)

//Spider

> i'd like too to know if there's a way to make iptables to log
> unsuccessful and successful connections on my IP address.
>
> another thing...does anyone have some programs or ways to check if my
> server is secure (on the connection side).
>
> thanks
>
> M.B

--
begin .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end
