Re: NULL Scan issues or something else?

2013-02-05 Thread Mike Mestnik
This is exactly why a higher level interface should be considered. If you go about setting your own low level iptables rules then you would also have the task of testing those rules. I use shorewall and I've used firhol, both are good. Please consult there results(the tables they generate) for

Re: NULL Scan issues or something else?

2013-02-05 Thread Jérémie Marguerie
Le 5 févr. 2013 17:52, Daniel Curtis sidetripp...@gmail.com a écrit : I've added a rule to my iptables script, which is responsible for filtering --tcp-flags and INVALID state. After addition of this rule, I've noticed , that many IP addresses are trying to scan(?) my computer, but it is not

Re: NULL Scan issues or something else?

2013-02-05 Thread Jérémie Marguerie
Le 5 févr. 2013 23:03, Bartek Krajnik bar...@bmk-it.com a écrit : Hi, For ssh login attempts you can use program authfail (after 4 wrong login attempts it adds proper IP to netfilter with DROP rule sending notification to IP class owner from whois database). It sounds a bit overkill. Am I the

Re: NULL Scan issues or something else?

2013-02-05 Thread Bartek Krajnik
Hi, For ssh login attempts you can use program authfail (after 4 wrong login attempts it adds proper IP to netfilter with DROP rule sending notification to IP class owner from whois database). Jérémie Marguerie jere...@marguerie.org wrote: Le 5 févr. 2013 17:52, Daniel Curtis

Re: NULL Scan issues or something else?

2013-02-05 Thread Jason Fergus
On Tue, 2013-02-05 at 23:10 +, Jérémie Marguerie wrote: Le 5 févr. 2013 23:03, Bartek Krajnik bar...@bmk-it.com a écrit : Hi, For ssh login attempts you can use program authfail (after 4 wrong login attempts it adds proper IP to netfilter with DROP rule sending notification to IP

Re: NULL Scan issues or something else?

2013-02-05 Thread Jason R McGinn
If you want to be extra paranoid, hide your open ports with port knocking and have your clients run from a script that knocks the proper sequence before making the connection :-) Jay On Feb 5, 2013, at 19:10, Jérémie Marguerie jere...@marguerie.org wrote: Le 5 févr. 2013 23:03, Bartek

Re: NULL Scan issues or something else?

2013-02-05 Thread Kees de Jong
That, or just use OpenVPN.

Re: NULL Scan issues or something else?

2013-02-05 Thread Noah Meyerhans
On Tue, Feb 05, 2013 at 10:45:39PM +, Jérémie Marguerie wrote: You'll be scanned, many times a day, you'll also be bruteforced and however not normal, this is just noise. See also http://en.wikipedia.org/wiki/Internet_background_radiation signature.asc Description: Digital

Re: NULL Scan issues or something else?

2013-02-05 Thread Jason R McGinn
That with openvpn ;-) Jay On Feb 5, 2013, at 19:33, Kees de Jong keesdej...@gmail.com wrote: That, or just use OpenVPN.