port scan detection on server

Tapas Mishra mightydreams at gmail.com
Sat Nov 20 12:10:36 UTC 2010


On Fri, Nov 19, 2010 at 8:53 PM, Mark Foster <mark at foster.cc> wrote:
>>
> http://sourceforge.net/projects/sentrytools/
>
OK, I was reading something more about the guides available on the internet.
Here I found a useful page:
http://www.ossramblings.com/using_iptables_rate_limiting_to_prevent_portscans
but for the above link someone suggested to me:

"if you do go down this path then you should make sure you have TCP
SYN cookies enabled (while understanding the implications), and that
your rules match SYN packets specifically (not just packets in state
NEW). Otherwise, you'd have created a brand new denial-of-service
vulnerability on your server."

Is that correct?
What is the harm in going the iptables way of stopping port scans? (I
have rate-limited iptables.)
-- 
http://mightydreams.blogspot.com
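The two rule shapes the quoted warning contrasts, as an added example that is not from the thread or the linked page: the NEW-state rate limit beside the SYN-only one with SYN cookies turned on, plus a small lint that flags a saved rule set which limits on `--state NEW` without `--syn` or leaves `tcp_syncookies` off. The port and rate values are assumed; the functions only print the commands, so nothing here touches a live firewall.

```shell
#!/bin/sh
# Added example; not code from the mailing-list thread or the linked article.
# Each function prints the iptables/sysctl commands for one protected port.
# $1 = TCP port (assumed), $2 = limit for the 'limit' match, e.g. 10/min (assumed).

# WEAK shape: conntrack state NEW is not the same as "a SYN". With the kernel's
# default loose TCP pickup, a stray non-SYN packet that belongs to no tracked
# connection is also NEW, so this limit counts packets that are not connection
# attempts, and the trailing DROP discards them along with real ones.
weak_rules() {
  port=$1; rate=$2
  printf '%s\n' \
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
    "iptables -A INPUT -p tcp --dport $port -m state --state NEW -m limit --limit $rate -j ACCEPT" \
    "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j DROP"
}

# HARDENED shape: --syn matches only packets with SYN set and ACK/RST/FIN clear,
# so only genuine connection attempts consume the bucket, and SYN cookies keep a
# SYN flood from exhausting the listen backlog while the limit rule does its job.
hardened_rules() {
  port=$1; rate=$2
  printf '%s\n' \
    "sysctl -w net.ipv4.tcp_syncookies=1" \
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
    "iptables -A INPUT -p tcp --dport $port --syn -m limit --limit $rate --limit-burst 20 -j ACCEPT" \
    "iptables -A INPUT -p tcp --dport $port --syn -j DROP"
}

# Lint for a saved rule script on stdin. Returns 0 only if every rate-limit
# rule names --syn explicitly and the script enables SYN cookies. Deliberately
# strict: an equivalent --tcp-flags expression is not recognised.
check_rules() {
  cookies_ok=1; bad=0
  while IFS= read -r line; do
    case "$line" in *net.ipv4.tcp_syncookies=1*) cookies_ok=0 ;; esac
    case "$line" in
      *"-m limit"*|*"-m hashlimit"*)
        case "$line" in
          *--syn*) ;;
          *) echo "limit rule does not match SYN: $line" >&2; bad=1 ;;
        esac ;;
    esac
  done
  [ "$cookies_ok" -eq 0 ] || { echo "net.ipv4.tcp_syncookies not enabled" >&2; bad=1; }
  return $bad
}

# Usage: review a rule set before loading it.
# hardened_rules 22 10/min | check_rules && hardened_rules 22 10/min | sh
```

Piping `weak_rules 22 10/min | check_rules` reports both problems and exits non-zero; the hardened set passes.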
