Hmm, interesting that you say that, given that when I scan a Red Hat Linux machine running iptables it doesn't report any ports open (when there are services running on ports < 1024).
-----Original Message-----
From: Dom De Vitto [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2003 14:46
To: [EMAIL PROTECTED]
Subject: RE: blocking nmap scans

shutdown :-)

Check the nmap documentation, then the pf.conf manual page. You need to understand why what you are asking for isn't possible. Also all the syntax is covered by "man pf.conf".

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Tel. 07855 805 271
http://www.devitto.com
mailto:[EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Afra, Ziad (London)
Sent: Wednesday, December 17, 2003 12:32 PM
To: [EMAIL PROTECTED]
Subject: RE: blocking nmap scans

So what's the syntax to block TCP connect() and SYN?

Thanks
Z

-----Original Message-----
From: Tiago Pierezan Camargo [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2003 09:47
To: [EMAIL PROTECTED]
Subject: Re: blocking nmap scans

> block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
> block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
> block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

Those rules only block FIN, Xmas and NULL scans. TCP connect() and SYN scans work as usual.

--
Tiago Pierezan Camargo <elessar at matrix.com.br>
  (o_.'  The boozy penguin says:
  //\c{} "VI VI VI The editor of the beast."
  V__)_
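Tiago's point above, as an added pf.conf example that is not from the thread: the three flag rules catch FIN, Xmas and NULL probes because no real client sends those flag combinations, but a SYN scan and a connect() scan both open with a plain SYN, exactly like a legitimate client, so they cannot be matched by flags. What a ruleset can do is default-deny and pass SYNs only to the ports it actually serves. The interface name and port list are assumed.

```conf
# Assumed values: adjust the interface and the ports you really serve.
ext_if = "em0"
tcp_services = "{ 22, 80, 443 }"

set skip on lo

# Normalise fragments and odd TCP options before the rules see them.
scrub in on $ext_if all

# Default deny on the external interface: anything not passed below is dropped
# (silently, so a SYN probe to an unserved port gets no answer at all).
block in log on $ext_if all

# The rules from the thread: these flag combinations never occur in a
# legitimate session, so they identify FIN, Xmas and NULL probes and can be
# dropped unconditionally. They do nothing against SYN or connect() probes.
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

# A SYN probe is indistinguishable from a client's first packet, so the only
# handling is scope: create state on a bare SYN for served ports only.
# Probes to every other port fall through to the default block above.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state

# Let the host's own outbound traffic (and replies) through statefully.
pass out on $ext_if all keep state
```

With this policy a SYN scan still reports the served ports as open, since they are open; unserved ports show as filtered rather than closed because the block rule drops instead of returning a RST.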
