PDA

View Full Version : [Firewall Issue] Is there a way to block all syn connections?



hackerpitbull
05-04-2005, 07:39 AM
Hi ;P
Is there a way do disable all syn connections to the server?

jmstacey
05-04-2005, 08:49 PM
And what exactly are you reffering to by syn? I am not aware of it.
What firewall are you using?

hackerpitbull
05-05-2005, 02:14 AM
Originally posted by jmstacey
And what exactly are you reffering to by syn? I am not aware of it.
What firewall are you using?
SYN_RECV via port 80.
APF & Iptables...

I already tried:
/sbin/iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP
/sbin/iptables -I INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -I INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -I INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
/sbin/iptables -I INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
/sbin/iptables -I INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
/sbin/iptables -I INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
/sbin/iptables -A INPUT -p tcp --dport 80 --syn -j DROP

and some tweaks in sysctl, but it still dosnt block evrey syn connection.

nobaloney
05-05-2005, 05:30 PM
Have you looked up "block syn connection" (without the quotes) in google?

Jeff

hackerpitbull
05-06-2005, 01:05 AM
Originally posted by jlasman
Have you looked up "block syn connection" (without the quotes) in google?

Jeff
yeah, i did, couldn't fined anything that can help me :\

jmstacey
05-06-2005, 11:16 PM
http://forum.ev1servers.net/showthread.php?t=17363&page=2

Which might actually by where you got your code from, who knows but you.

On the next page of the link above, in the first post, I get the general idea that APF already has something like this built it and it just needs enabling.

Good-Luck

budihost
06-01-2005, 09:53 PM
We will receive SYN packet when someone do port scanning towards our machine right?

We also can block port scanning, by manipulating this matter, thise packet thing. I dont really know about it.

Can someone give me "ipfw" command to block port scanning to my machine?

Does APF works good? I'm planning to install Brute Force Detection, http://www.rfxnetworks.com/bfd.php, but it works with APF..
Can APF be installed with FreeBSD?

I'm using FreeBSD 4.11..

Thanks