On Wednesday 17 December 2003 13:31, Afra, Ziad (London) wrote:
> So what's the syntax to block TCP connect() and SYN?

Okay, let's try to be a bit more polite ;)

If a service should be available to the internet, then you must not block a (legal) TCP connect() to the port associated with this service, hence you can not "block" a scanner using connect(). However, those scans will show up in your logs. Additionally you can try to block portscanners by timing, esp. the new source tracking will assist you with that.

> Interesting that you say that given the fact that when I scan a linux redhat
> machine running iptables it doesn't report any ports open (when there are
> services running on ports < 1024).

No, iptables can not block portscanners and allow regular traffic at the same time ...

And yes, building a firewall w/o (at least) basic knowledge of IP, TCP and friends won't work - as long as you need something more than clicking "enable firewall" in a fancy redhat or microsoft configuration tool, that is.

--
Best regards,                       | [EMAIL PROTECTED]
Max Laier                           | ICQ #67774661
http://pf4freebsd.love2party.net/   | [EMAIL PROTECTED] #DragonFlyBSD
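The "block portscanners by timing with source tracking" approach mentioned in the reply, written out as an added pf.conf fragment (not from the post or the pf4freebsd project). It assumes a pf newer than this 2003 message, since `max-src-conn-rate` and `overload` arrived in pf with OpenBSD 3.7 and were later merged into FreeBSD; `$ext_if` is an assumed macro for the external interface and port 80 is an assumed public service.

```pf
# Assumed macro: the interface facing the internet.
ext_if = "em0"

# Table that pf fills automatically with sources that exceed the rate limit
# below. "persist" keeps the table even when no rule currently references it.
table <scanners> persist

# Sources already flagged as scanners are dropped before anything else.
block in quick on $ext_if from <scanners>

# The public service stays reachable (a legal connect() must succeed), but pf
# tracks new connections per source address:
#   max-src-conn-rate 15/5  -> more than 15 new connections in 5 seconds from
#                              one source adds that source to <scanners>
#   overload <scanners>     -> the table the offending source is added to
#   flush global            -> also tear down that source's existing states
pass in on $ext_if proto tcp to $ext_if port 80 \
    flags S/SA keep state \
    (max-src-conn-rate 15/5, overload <scanners> flush global)

# Entries do not expire on their own; age out sources older than one hour
# from cron with:  pfctl -t scanners -T expire 3600
```

Pick the rate from your own logs before enabling it: a legitimate client behind a busy NAT can open many connections in five seconds and would be locked out just like a scanner.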
