[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: grouped tcp flags



On Tue, Apr 01, 2003 at 04:15:55PM +0200, Philipp Buehler wrote:
> [list added again, I think this is public interest and should be archived]
> 
> On 01/04/2003, HKSPKS@aol.com <HKSPKS@aol.com> wrote To pb@openbsd.de:
> > I just wanted to drop all nmap and/or other harmful packets... I found half 
> > of this list of flags @ nmap's forums by a guy saying which to block to stop 
> > nmap, the other half I found on a sans.org site... I'll try to dig up a link 
> > if you want it.  Which flags do you recommend blocking?
# block and log nmap OS fingerprinting attempts
#
block return-rst in log quick on $ext_if proto tcp all flags FP/FP
block return-rst in log quick on $ext_if proto tcp all flags SE/SE