From: Andrew Gaffney
Date: Wed, 16 Jan 2008 06:44:47 -0600
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] how to stop tracing
Message-ID: <478DFC3F.5040308@gentoo.org>

widyachacra wrote:
> Dear List friends,
>
> When I scan my own domain from an outside host using the 'nmap' tool it
> shows the following results.
>
> How do I block this kind of tracing using Linux? Please help me.

You don't. There's no difference between a scanner connecting to a particular port to determine if something is listening on it and a legitimate user connecting to that port in order to use that service.

However, there are various ways to slow it down. The "easiest" method is to just use -P DROP on your INPUT chain in iptables, which causes iptables to simply drop any incoming packets that aren't explicitly allowed, which means that the person on the other end has to wait for the TCP timeout for each packet sent instead of immediately getting a "there's nothing here" response.

Another way is with iptables's limit module. It allows you to only allow a certain number of new connection attempts (or any other kind of packet) from a certain host (or group of hosts) within a certain time period. This will have a similar effect to the previous method.

The only truly effective way (that I'm aware of) to prevent these port scans is to have no ports open to scan.

-- 
Andrew Gaffney                            http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer       Catalyst/Installer + x86 release coordinator
-- 
gentoo-server@lists.gentoo.org mailing list
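The two mechanisms described in the reply above, as an added example that is not part of the original thread: a minimal INPUT chain with a default DROP policy, plus the limit module throttling new connection attempts to one exposed service. The `IPT` and `SSH_PORT` variables and the `dry_run` helper are assumptions so the intended rules can be printed with `IPT=echo` instead of loaded into the kernel.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal INPUT chain built around
# the two ideas in the reply: a default DROP policy, and the limit module
# throttling new connection attempts. Set IPT=echo to dry-run without root.
IPT="${IPT:-iptables}"          # assumption: iptables binary on PATH
SSH_PORT="${SSH_PORT:-22}"      # assumption: the one service we expose

apply_rules() {
    # Start from an empty INPUT chain.
    "$IPT" -F INPUT

    # Default DROP: unsolicited packets get no reply at all, so a scanner
    # waits for its own timeout instead of an immediate RST/ICMP "nothing here".
    "$IPT" -P INPUT DROP

    # Loopback and replies to connections we opened ourselves stay allowed.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The limit module: at most 3 NEW SSH connections per minute, with a
    # burst of 5. Anything over the limit matches nothing and falls through
    # to the DROP policy. Plain "limit" counts chain-wide; per-source
    # throttling is what the hashlimit module is for.
    "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m limit --limit 3/minute --limit-burst 5 -j ACCEPT
}

# Print the rules that would be applied, without touching the kernel.
dry_run() {
    ( IPT=echo; apply_rules )
}
```

Run `dry_run` to review the rule set, then `apply_rules` as root to load it; anything not explicitly accepted above is silently dropped, so make sure your own management access is covered before applying.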