On Thu, 4 Jan 2001, Burke, Thomas G. wrote:
> Why not just reject packets on the port where they scan? I imagine they
> usually scan the same port number.
>
> i.e.:
> # Back Orifice
> $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY
> $IPCHAINS -A input -l -p udp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY
>
> This blocks the entire outside world from accessing port 31337 (and logs it)
>
> I think you can use port ranges by using a hyphen, but I'm not absolutely
> sure 'bout that. That'd be of the form:
>
> $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 0-500 -j DENY
> $IPCHAINS -A input -l -p udp -s $ALLADDR -d $EXTERNAL_NET 0-500 -j DENY
>
> Although, I imagine that might break a lot of stuff...
>
> There is also a destination port argument, but I'm not sure if this'll work:
> $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET -dport 0-500 -j
> DENY
>
> Actually, I'd imagine this one'd be closer:
> $IPCHAINS -A input -l -p tcp -i $EXTERNAL_IF --destination-port 0-500 -j
> DENY
> $IPCHAINS -A input -l -p udp -i $EXTERNAL_IF --destination-port 0-500 -j
> DENY
>
> I have no way to test this at the moment, but these are my inclinations...
> Anyone else have any inputs?
>
Use a colon instead of a hyphen for a range of ports.
--destination-port 0:500 instead of --destination-port 0-500
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
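The following is an added example, not code from either poster in this thread. It turns the rules discussed above into a small POSIX shell script that checks a port specification before handing it to ipchains, so the hyphen form (`0-500`) is rejected and only single ports or colon ranges (`0:500`) get through. The variable names `IPCHAINS` and `EXTERNAL_IF`, the default interface `eth0`, and the helper function names are assumptions for the example; by default `IPCHAINS` is set to `echo ipchains` so the script only prints the rules it would run.

```shell
#!/bin/sh
# Added example (not from the original thread): build logged ipchains DENY
# rules for inbound traffic to a destination port or port range on the
# external interface, using the colon range syntax (LO:HI) that ipchains
# actually accepts.  IPCHAINS defaults to a dry run; point it at
# /sbin/ipchains to apply the rules for real.  Names below are assumptions.

IPCHAINS="${IPCHAINS:-echo ipchains}"   # dry run by default
EXTERNAL_IF="${EXTERNAL_IF:-eth0}"      # assumed external interface name

# valid_port_range SPEC
# Returns 0 if SPEC is a single port (N) or a colon range (LO:HI) with
# 0 <= LO <= HI <= 65535; returns 1 otherwise.  A hyphenated range such as
# 0-500 fails the first pattern because '-' is not a digit or colon.
valid_port_range() {
    case "$1" in
        ''|*[!0-9:]*|:*|*:|*:*:*) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -le 65535 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# allow_port PROTO SPEC
# Emits an ACCEPT rule for a service you still want reachable from outside.
# Order matters in ipchains (first match wins), so call this before
# deny_range for any port that falls inside the range you are about to deny.
allow_port() {
    valid_port_range "$2" || { echo "bad port spec: $2" >&2; return 1; }
    $IPCHAINS -A input -p "$1" -i "$EXTERNAL_IF" --destination-port "$2" -j ACCEPT
}

# deny_range PROTO SPEC
# Emits a logged (-l) DENY rule for inbound PROTO traffic to SPEC arriving
# on the external interface.  Refuses to run with a malformed spec rather
# than letting ipchains fail halfway through a ruleset.
deny_range() {
    valid_port_range "$2" || { echo "bad port spec: $2" >&2; return 1; }
    $IPCHAINS -A input -l -p "$1" -i "$EXTERNAL_IF" --destination-port "$2" -j DENY
}

# Back Orifice's default port, on both transports.
deny_range tcp 31337
deny_range udp 31337

# Denying a whole range (here 0:500) also covers ssh (22), smtp (25) and
# http (80), so any of those you serve must be accepted first.
allow_port tcp 22
deny_range tcp 0:500
deny_range udp 0:500
```

Running the script with `IPCHAINS=/sbin/ipchains` applies the rules; running it as-is prints them, which is a cheap way to eyeball a ruleset before touching a live box. The same colon range syntax carries over to iptables' `--dport LO:HI`.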