5 replies
I don't know Debian very well, so I can't really advise you on that. But personally, I use Mandrake with shorewall (the MNF firewall) and my ports are invisible. You can't say they are unscannable, all ports on any machine can be scanned, but some firewalls are able to destroy packets on arrival, which prevents any reply to the packet's sender address; that's the DROP rule (I think that's what you meant by "troppe", right?). I think shorewall should be available on Debian.
goshi, 7 Jan 2004 at 13:19
You need to use a good firewall, it's no more complicated than that.
Microsoft? What's that? Switch to Linux and Mozilla
Yeah lol, I made a typo ;-)
I wanted it to drop the scanners' SYN requests.
Above all, I don't want to replace iptables, I've spent a lot of time improving it lol.
Thanks for the help anyway!
Keep the replies coming, I haven't found anything on the internet. :'-(
Here is my iptables configuration as an example, it may help you:
# Generated by iptables-save v1.2.8 on Wed Jan 7 20:00:17 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:all2all - [0:0]
:common - [0:0]
:dynamic - [0:0]
:fw2net - [0:0]
:icmpdef - [0:0]
:net2fw - [0:0]
:newnotsyn - [0:0]
:ppp0_fwd - [0:0]
:ppp0_in - [0:0]
:reject - [0:0]
:shorewall - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ! icmp -m state --state INVALID -j DROP
-A INPUT -i ppp0 -j ppp0_in
-A INPUT -j common
-A INPUT -j LOG --log-prefix "Shorewall:INPUT:REJECT:" --log-level info
-A INPUT -j reject
-A FORWARD -p ! icmp -m state --state INVALID -j DROP
-A FORWARD -i ppp0 -j ppp0_fwd
-A FORWARD -j common
-A FORWARD -j LOG --log-prefix "Shorewall:FORWARD:REJECT:" --log-level info
-A FORWARD -j reject
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p ! icmp -m state --state INVALID -j DROP
-A OUTPUT -o ppp0 -j fw2net
-A OUTPUT -j common
-A OUTPUT -j LOG --log-prefix "Shorewall:OUTPUT:REJECT:" --log-level info
-A OUTPUT -j reject
-A all2all -m state --state RELATED,ESTABLISHED -j ACCEPT
-A all2all -p tcp -m state --state NEW -m tcp ! --tcp-flags SYN,RST,ACK SYN -j newnotsyn
-A all2all -j common
-A all2all -j LOG --log-prefix "Shorewall:all2all:REJECT:" --log-level info
-A all2all -j reject
-A common -p icmp -j icmpdef
-A common -p udp -m udp --dport 135 -j reject
-A common -p udp -m udp --dport 137:139 -j reject
-A common -p udp -m udp --dport 445 -j reject
-A common -p tcp -m tcp --dport 139 -j reject
-A common -p tcp -m tcp --dport 445 -j reject
-A common -p tcp -m tcp --dport 135 -j reject
-A common -p udp -m udp --dport 1900 -j DROP
-A common -d 255.255.255.255 -j DROP
-A common -d 224.0.0.0/240.0.0.0 -j DROP
-A common -p tcp -m tcp --dport 113 -j reject
-A common -p udp -m udp --sport 53 -m state --state NEW -j DROP
-A fw2net -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fw2net -p tcp -m state --state NEW -m tcp ! --tcp-flags SYN,RST,ACK SYN -j newnotsyn
-A fw2net -p tcp -m multiport --dports http,https -m state --state NEW -j ACCEPT
-A fw2net -d 195.170.0.2 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A fw2net -d 195.170.2.1 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A fw2net -p tcp -m multiport --dports smtp,pop3 -m state --state NEW -j ACCEPT
-A fw2net -p tcp -m multiport --dports ftp-data,ftp -m state --state NEW -j ACCEPT
-A fw2net -p tcp -m state --state NEW -m tcp --dport 1863 -j ACCEPT
-A fw2net -p tcp -m state --state NEW -m tcp --dport 5190 -j ACCEPT
-A fw2net -p udp -m state --state NEW -m udp --dport 4000 -j DROP
-A fw2net -j all2all
-A net2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A net2fw -p tcp -m state --state NEW -m tcp ! --tcp-flags SYN,RST,ACK SYN -j newnotsyn
-A net2fw -s 195.170.0.2 -p udp -m state --state NEW -m udp --sport 53 -j ACCEPT
-A net2fw -s 195.170.2.1 -p udp -m state --state NEW -m udp --sport 53 -j ACCEPT
-A net2fw -p udp -m state --state NEW -m udp --sport 21 -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -p udp -m state --state NEW -m udp --sport 21 -j DROP
-A net2fw -p udp -m state --state NEW -m udp --sport 4000 -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -p udp -m state --state NEW -m udp --sport 4000 -j DROP
-A net2fw -p tcp -m state --state NEW -m tcp --sport 5190 -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -p tcp -m state --state NEW -m tcp --sport 5190 -j DROP
-A net2fw -p tcp -m state --state NEW -m tcp --sport 1863 -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -p tcp -m state --state NEW -m tcp --sport 1863 -j DROP
-A net2fw -p 103 -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -p 103 -j DROP
-A net2fw -p 2 -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -p 2 -j DROP
-A net2fw -j common
-A net2fw -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -j DROP
-A newnotsyn -j LOG --log-prefix "Shorewall:newnotsyn:DROP:" --log-level info
-A newnotsyn -j DROP
-A ppp0_fwd -m state --state NEW -j dynamic
-A ppp0_in -m state --state NEW -j dynamic
-A ppp0_in -j net2fw
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
-A reject -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Jan 7 20:00:17 2004
# Generated by iptables-save v1.2.8 on Wed Jan 7 20:00:17 2004
*mangle
:PREROUTING ACCEPT [11270:2385909]
:INPUT ACCEPT [11265:2385639]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11514:1327720]
:POSTROUTING ACCEPT [11514:1327720]
:outtos - [0:0]
:pretos - [0:0]
-A PREROUTING -j pretos
-A OUTPUT -j outtos
-A outtos -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
-A outtos -p tcp -m tcp --sport 22 -j TOS --set-tos 0x10
-A outtos -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10
-A outtos -p tcp -m tcp --sport 21 -j TOS --set-tos 0x10
-A outtos -p tcp -m tcp --sport 20 -j TOS --set-tos 0x08
-A outtos -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08
-A pretos -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
-A pretos -p tcp -m tcp --sport 22 -j TOS --set-tos 0x10
-A pretos -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10
-A pretos -p tcp -m tcp --sport 21 -j TOS --set-tos 0x10
-A pretos -p tcp -m tcp --sport 20 -j TOS --set-tos 0x08
-A pretos -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08
COMMIT
# Completed on Wed Jan 7 20:00:17 2004
# Generated by iptables-save v1.2.8 on Wed Jan 7 20:00:17 2004
*nat
:PREROUTING ACCEPT [56:2966]
:POSTROUTING ACCEPT [508:29835]
:OUTPUT ACCEPT [477:28595]
COMMIT
# Completed on Wed Jan 7 20:00:17 2004
There you go, I hope this helps.
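Added example (not part of the thread and not Shorewall's own code): a small Python tracer that walks a constructed excerpt of the ruleset posted above and reports what a remote scanner gets back for a TCP probe entering `net2fw`. The names `load`, `matches`, `verdict` and `probe`, and the simplified packet model (conntrack state assumed to be NEW), are assumptions of this example.

```python
import shlex
# Constructed excerpt: seven rules copied from the filter table posted above (net2fw path).
RULES = '''\
-A net2fw -p tcp -m state --state NEW -m tcp ! --tcp-flags SYN,RST,ACK SYN -j newnotsyn
-A net2fw -j common
-A net2fw -j LOG --log-prefix "Shorewall:net2fw:DROP:" --log-level info
-A net2fw -j DROP
-A common -p tcp -m tcp --dport 113 -j reject
-A newnotsyn -j DROP
-A reject -p tcp -j REJECT --reject-with tcp-reset
'''
FIELD = {"-p": "proto", "--dport": "dport", "--state": "state"}

def load(text):
    chains = {}
    for t in map(shlex.split, text.splitlines()):
        j = t.index("-j")            # t = ['-A', chain, matches..., '-j', target, opts...]
        chains.setdefault(t[1], []).append((t[2:j], t[j + 1], t[j + 2:]))
    return chains

def matches(spec, pkt):
    toks, neg = list(spec), False
    while toks:
        opt = toks.pop(0)
        if opt == "!":               # negates the next test
            neg = True
            continue
        val = toks.pop(0)
        if opt == "--tcp-flags":     # val = mask, next token = flags that must be set
            hit = pkt["flags"] & set(val.split(",")) == set(toks.pop(0).split(","))
        else:                        # "-m <module>" has no field and always passes
            hit = opt not in FIELD or str(pkt[FIELD[opt]]) in val.split(",")
        if hit == neg:
            return False
        neg = False
    return True

def verdict(chains, pkt, chain):
    for spec, target, opts in chains[chain]:
        if target == "LOG" or not matches(spec, pkt):
            continue                 # LOG never ends traversal
        if target in ("ACCEPT", "DROP", "REJECT"):
            return " ".join([target] + opts[1:])
        result = verdict(chains, pkt, target)   # jump into a user chain
        if result:                   # None: fell off its end, resume in this chain
            return result

def probe(port, flags=("SYN",)):
    pkt = {"proto": "tcp", "state": "NEW", "dport": port, "flags": set(flags)}
    return verdict(load(RULES), pkt, "net2fw")
```

With this excerpt, a SYN to port 113 is answered with a TCP reset (a scanner reports the port as closed), a SYN to any other port is silently dropped (reported as filtered), and a NEW packet that is not a plain SYN is dropped by `newnotsyn` before the port rules are consulted.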