Hello Guys,
I'm setting up a firewall script based on iptables and I'd like, among other things, to filter all 'invalid' flag combinations, avoiding some portscanners and script kiddies. I've found on the internet a script that considers these combinations as bad ones:

    --tcp-flags ALL FIN,URG,PSH
    --tcp-flags ALL ALL
    --tcp-flags ALL SYN,RST,ACK,FIN,URG
    --tcp-flags ALL NONE
    --tcp-flags SYN,RST SYN,RST
    --tcp-flags SYN,FIN SYN,FIN

Reading a message from this mailing list, named "Re: How to Detect ACK w/o Active Connection", filtering:

    --tcp-flags ALL ACK -m state --state NEW

was recommended.

Question is: Is this list of 'bad flags' complete? Is there any other 'bad' combination of TCP flags that should also be dropped?

Sincerely,
Leonardo Rodrigues
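As an added example that is not part of the original message: a small Python model of how iptables evaluates `--tcp-flags <mask> <comp>`, applied to the six pairs quoted above, to show which flag bytes those rules match. The function names and the sample flag bytes are constructed for this illustration, and the conntrack-based rule (`-m state --state NEW`) is not modelled.

```python
# Model of iptables "--tcp-flags <mask> <comp>" matching (added illustration).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F  # iptables "ALL" covers these six flags

# The six mask/comp pairs quoted in the message, in the order given.
RULES = [
    ("ALL", "FIN,URG,PSH"),
    ("ALL", "ALL"),
    ("ALL", "SYN,RST,ACK,FIN,URG"),
    ("ALL", "NONE"),
    ("SYN,RST", "SYN,RST"),
    ("SYN,FIN", "SYN,FIN"),
]

def parse(spec):
    """Turn an iptables flag list ('SYN,FIN', 'ALL', 'NONE') into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= FLAGS[name]
    return bits

def matches(flags, mask, comp):
    """Only the bits in mask are examined; of those, exactly comp must be set."""
    return (flags & parse(mask)) == parse(comp)

def first_match(flags):
    """Return the first listed rule that matches this flag byte, or None."""
    for mask, comp in RULES:
        if matches(flags, mask, comp):
            return f"--tcp-flags {mask} {comp}"
    return None

def unmatched_combinations():
    """Every one of the 64 possible flag bytes that no listed rule matches."""
    return [f for f in range(ALL + 1) if first_match(f) is None]

def names(flags):
    """Render a flag byte as a comma-separated list of flag names."""
    return ",".join(n for n, b in FLAGS.items() if flags & b) or "NONE"

if __name__ == "__main__":
    # Constructed sample flag bytes, not taken from any capture.
    for sample in (0x02, 0x12, 0x00, 0x3F, 0x13, 0x01, 0x05):
        print(f"{names(sample):24} -> {first_match(sample)}")
    print(len(unmatched_combinations()), "of 64 flag bytes match none of the rules")
```

A flag byte that no rule matches is not necessarily a valid one; the count only shows how much of the flag space the six rules leave untouched.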
