Defense against nmap tcp synchronise scans

Assuming that a host does not require a Telnet service running on it, is it possible to create a fake Telnet process that listens on the Telnet port and blocks every IP that tries to make a connection (TCP SYN) with it? When the attacker tries to scan this host using nmap, it sends a TCP SYN to the Telnet port (not in all cases); the host can now get the source IP and block all connections from that IP. Will this defense concept work?

Re: Defense against nmap tcp synchronise scans
On Mon, 22 Jul 2013 23:20:01 -0700, MELWIN JOSE wrote:

iptables -A INPUT -p tcp --dport 23 -j REJECT is one solution.
  
Doesn't make sense at all and is no defense concept.

cheers



Re: Defense against nmap tcp synchronise scans
Google for portsentry. It's an ancient script/tool that does this.

Best regards
Thomas


--  

* Freelance Linux & BSD Systemengineer // IT Consultant *
-=- Homepage: http://www.bsd-solutions-duesseldorf.de -=-
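
Added example (not part of any post in this thread, and not portsentry's code): the trap-port idea from the question, done as log analysis instead of a fake Telnet process. It assumes an iptables LOG rule with the prefix "TRAP " on inbound TCP; the log lines, the addresses and the names trap_hits, block_rules and never_block are constructed for illustration.

```python
import ipaddress
import re

TRAP_PORT = 23  # the unused Telnet port from the question

# Constructed, abridged lines in the netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Jul 23 08:20:01 host kernel: TRAP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=52 PROTO=TCP SPT=40112 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 23 08:20:01 host kernel: TRAP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 23 08:21:40 host kernel: TRAP IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 23 08:22:13 host kernel: TRAP IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=40 TTL=49 PROTO=TCP SPT=6000 DPT=23 WINDOW=0 RES=0x00 ACK RST URGP=0
Jul 23 08:23:59 host kernel: TRAP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=44 TTL=47 PROTO=TCP SPT=33001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 23 08:24:02 host kernel: TRAP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=44 TTL=47 PROTO=TCP SPT=33002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")             # KEY=value pairs such as SRC=, DPT=
FLAGS = re.compile(r"RES=\S+ (.*?) ?URGP=")    # TCP flag names sit between RES= and URGP=

def trap_hits(log_text, never_block=()):
    """Return source IPs, in first-seen order, that sent a bare SYN to TRAP_PORT."""
    safe = [ipaddress.ip_network(n) for n in never_block]
    hits = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = FLAGS.search(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(TRAP_PORT):
            continue
        # Only a connection attempt counts: SYN set and no other flag.
        if flags is None or flags.group(1).split() != ["SYN"]:
            continue
        src = ipaddress.ip_address(fields["SRC"])
        # never_block keeps hosts you depend on (gateway, admin network) off the list.
        if any(src in net for net in safe) or src in hits:
            continue
        hits.append(src)
    return hits

def block_rules(hits):
    """Render one iptables DROP rule per trapped source address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in hits]
```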
