Mailing List Archive

scanning question ipchains/iptables
Hello,
I have been doing some testing on an ipchains/iptables firewall
lately and I have a question regarding scans and their effect on
firewalls, such as with nmap -sA.

Let's say you have a firewall ruleset where no
incoming connections are allowed except tcp reply packets.
For example --
ipchains -A input -p tcp ! -y -i $PPPint -d $PPPip/32 1024:65535 -j ACCEPT

As you know, once a packet like the one above is received an RST is
sent in response. This can help determine if the firewall is up and which
ports are allowing established connections in, etc. To my knowledge, I
know that you can deter this with stateful rules, but I was wondering, for
those of us that still have an ipchains firewall running, what security
ramifications does this have other than mapping of your ports? Can an
attacker do something more with this? Is it unsafe to only use the "-y"
flag?



Thanks in advance,
Sam
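
The difference the post describes between the "! -y" rule and stateful rules, as an added example that is not part of the original message: a small Python model that runs the same inbound packets through a flag-only check and through a simplified connection tracker. The class and function names, the addresses (documentation ranges) and the 4-tuple tracking are assumptions made for illustration, not ipchains or iptables internals.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}

def matches_y(p):
    # ipchains -y: SYN set, ACK and FIN cleared (a connection request).
    return "SYN" in p.flags and not (p.flags & {"ACK", "FIN"})

def stateless_accept(p, fw_ip):
    # Model of: -p tcp ! -y -d fw_ip 1024:65535 -j ACCEPT
    return p.dst == fw_ip and 1024 <= p.dport <= 65535 and not matches_y(p)

class StatefulFilter:
    """Simplified connection tracking: remembers outbound 4-tuples only."""
    def __init__(self):
        self.conns = set()

    def outbound(self, p):
        if matches_y(p):  # local host opens a connection
            self.conns.add((p.src, p.sport, p.dst, p.dport))

    def inbound_accept(self, p):
        # Accept only packets that reverse a tracked outbound connection.
        return (p.dst, p.dport, p.src, p.sport) in self.conns

def compare():
    fw = "192.0.2.10"  # constructed documentation-range addresses
    sf = StatefulFilter()
    sf.outbound(Pkt(fw, 40000, "198.51.100.5", 80, frozenset({"SYN"})))
    inbound = {
        "reply SYN/ACK": Pkt("198.51.100.5", 80, fw, 40000, frozenset({"SYN", "ACK"})),
        "unsolicited ACK": Pkt("203.0.113.9", 4444, fw, 40001, frozenset({"ACK"})),
        "inbound SYN": Pkt("203.0.113.9", 4445, fw, 40001, frozenset({"SYN"})),
    }
    return {name: (stateless_accept(p, fw), sf.inbound_accept(p))
            for name, p in inbound.items()}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:16} stateless={stateless} stateful={stateful}")
```

The unsolicited ACK is the only packet the two filters disagree on: the flag-only rule passes it to the host, which answers with an RST, while the tracker drops it because no outbound connection matches.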