From today's edition of BugTraq. I am forwarding this post as some of us
are still using kernel 2.0.x series, and this may interest them.
--Indra.
----------
From: Salvatore Sanfilippo -antirez- <[EMAIL PROTECTED]>
To:
Subject: to prevent port scanning in linux 2.0.x
Date: Saturday, July 17, 1999 4:18 PM
Hi,
It seems that some bugtraq readers still run linux 2.0.3[67].
In order to prevent SYN, FIN, Xmas, NULL tcp scan and
maybe connect() scan (for example it's true with nmap,
false with strobe) it's possible to apply this kernel patch.
This stupid patch changes the sequence
    SYN     ---> closed port
            <--- RST
to
    SYN     ---> closed port
            <--- SYN|ACK
    ACK     --->
            <--- RST
and answers RST to FIN, Xmas and NULL tcp flags even
if the port is open, like win*.
If an attacker scans a patched host it finds that all
ports are open, so it gets nothing.
The patch is tested on linux 2.0.36, maybe it's
good even for 2.0.37.
bye,
antirez
--
Salvatore Sanfilippo - antirez - [EMAIL PROTECTED]
try hping: http://www.kyuzz.org/antirez [EMAIL PROTECTED]
antiscan-patch
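
The reply policy described in the post, modelled next to standard RFC 793 behaviour so the effect on a scanner's inference can be compared. This is an added example, not part of the original post and not the kernel patch itself; the function names, the port list and the listening set are constructed for illustration.

```python
# Added example: a model of the reply policy the post describes, not the patch.
SYN, FIN, PSH, URG, RST, ACK = "SYN", "FIN", "PSH", "URG", "RST", "ACK"

# Flag sets of the first probe segment for the scan types the post names.
PROBES = {
    "syn": frozenset({SYN}),
    "fin": frozenset({FIN}),
    "xmas": frozenset({FIN, PSH, URG}),
    "null": frozenset(),
}

def stock_reply(flags, listening):
    """Unpatched (RFC 793) reply to the first probe; None means no reply."""
    if flags == {SYN}:
        return {SYN, ACK} if listening else {RST}
    # FIN/Xmas/NULL: a listening socket drops the segment, a closed port resets.
    return None if listening else {RST}

def patched_reply(flags, listening):
    """Reply as described in the post, whether or not the port is listening."""
    if flags == {SYN}:
        return {SYN, ACK}  # a closed port sends its RST only after the final ACK
    return {RST}           # FIN/Xmas/NULL get RST even if the port is open

def verdict(scan, reply):
    """Classic inference a scanner draws from the reply to a single probe."""
    if scan == "syn":
        return "open" if reply and SYN in reply else "closed"
    return "closed" if reply and RST in reply else "open"

def survey(policy, listening_ports, ports):
    """Map each scan type to the ports a scanner would report as open."""
    return {
        scan: [p for p in ports
               if verdict(scan, policy(flags, p in listening_ports)) == "open"]
        for scan, flags in PROBES.items()
    }

if __name__ == "__main__":
    ports, listening = [21, 22, 25, 80], {22, 80}  # constructed sample host
    for name, policy in (("stock", stock_reply), ("patched", patched_reply)):
        print(name, survey(policy, listening, ports))
```

Under the patched policy the SYN survey lists every port and the FIN, Xmas and NULL surveys list none, so the result no longer depends on which ports are actually listening.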