• Avoiding being a victim of NMAP

    From Antonio Hernandez@2:341/202 to All on Sat May 24 22:17:00 2014
    =============================================================================
    * Forwarded by Antonio Hernandez (2:341/202)
    * Area : VAMP.HACKING (Vamp.Hacking)
    * From : Belky, 2:341/202.1 (24 May 14 21:57)
    * To : All
    * Subj : Avoiding being a victim of NMAP
    =============================================================================
    Hello, All!

    A small script to avoid being a victim of nmap using iptables. The source is
    http://geekscripting.blogspot.mx/

    Author: @D4nnR

    #!/bin/bash
    echo 'C0NF1GUR4ND0 F1R3W411'
    echo 'LIMPIANDO IPTABLES'
    iptables -Z
    iptables -F
    #echo '# Denegando el ping #'
    iptables -A INPUT -p icmp -j DROP
    #echo ''
    #iptables -t filter -A INPUT -p tcp -s 0/0 -d localhost --dport 25 -j DROP

    echo '## Blocking portscan ##'
    # Attempt to block portscans
    # Anyone who tried to portscan us is locked out for an entire day.
    iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
    iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP

    # Once the day has passed, remove them from the portscan list
    iptables -A INPUT -m recent --name portscan --remove
    iptables -A FORWARD -m recent --name portscan --remove
    # These rules add scanners to the portscan list, and log the attempt.
    iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
    iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP

    iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:"
    iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP

    echo '## Spoofed Invalid packets ##'
    # Reject spoofed packets
    # These addresses are mostly used for LANs, so if they arrive at a WAN-only server, drop them.
    iptables -A INPUT -s 10.0.0.0/8 -j DROP
    iptables -A INPUT -s 169.254.0.0/16 -j DROP
    iptables -A INPUT -s 172.16.0.0/12 -j DROP
    iptables -A INPUT -s 127.0.0.0/8 -j DROP

    # Multicast addresses (plus the reserved and broadcast ranges below).
    iptables -A INPUT -s 224.0.0.0/4 -j DROP
    iptables -A INPUT -d 224.0.0.0/4 -j DROP
    iptables -A INPUT -s 240.0.0.0/5 -j DROP
    iptables -A INPUT -d 240.0.0.0/5 -j DROP
    iptables -A INPUT -s 0.0.0.0/8 -j DROP
    iptables -A INPUT -d 0.0.0.0/8 -j DROP
    iptables -A INPUT -d 239.255.255.0/24 -j DROP
    iptables -A INPUT -d 255.255.255.255 -j DROP

    # Drop all invalid packets
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A FORWARD -m state --state INVALID -j DROP
    iptables -A OUTPUT -m state --state INVALID -j DROP

    echo '#### Stop smurf attacks ####'
    # Don't allow pings through
    iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP

    Best Regards,
    Belky

    -+- VampireBBS
    + Origin: Punto Vampiro (2:341/202.1)
    =============================================================================

    Hello All!


    Regards,
    Belky

    Fidonet: 2:341/202
    e-mail : belky@vampirebbs.org
    twitter: @belky318
    GPG Key: 0x12D5D6E1
    ... Dulce Bellum Inexpertis - Erasmo de Rotterdam
    --- MysticBBS 1.10A41 (Linux)
    * Origin: VampireBBS return (2:341/202)
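
An added example, not part of the original post or of @D4nnR's script: a shell function that summarises the lines the script's LOG rules write with the `Portscan:` prefix, so you can see which sources tripped the port 139 trap and when. The sample log lines, hostname and addresses are constructed, and the classic syslog timestamp layout is an assumption.

```shell
#!/bin/bash
# Constructed sample: lines in the shape the kernel LOG target writes for
# --log-prefix "Portscan:" (hostname and addresses are made up).
SAMPLE_LOG='May 24 22:01:13 gw kernel: Portscan:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TTL=52 PROTO=TCP SPT=40112 DPT=139 SYN
May 25 03:07:02 gw kernel: Portscan:IN=eth0 OUT= SRC=192.0.2.45 DST=198.51.100.10 LEN=60 TTL=49 PROTO=TCP SPT=51200 DPT=139 SYN
May 25 11:40:19 gw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.10 LEN=60 TTL=50 PROTO=TCP SPT=5555 DPT=22 SYN
May 26 09:12:44 gw kernel: Portscan:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TTL=52 PROTO=TCP SPT=40990 DPT=139 SYN'

# Reads syslog lines on stdin and prints one line per source address:
#   SRC HITS FIRST_SEEN LAST_SEEN   (busiest source first)
# While the rules stay loaded, the rcheck DROP rule sits ahead of the LOG
# rule, so a listed source is dropped before it can be logged again; HITS > 1
# therefore means the source came back after an earlier lockout had expired.
summarize_portscan() {
    awk '
    index($0, "Portscan:") {
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        if (src == "") next              # prefix present but no SRC field
        ts = $1 " " $2 " " $3            # assumes classic syslog timestamps
        if (!(src in hits)) first[src] = ts
        hits[src]++
        last[src] = ts
    }
    END {
        for (s in hits)
            printf "%s %d %s %s\n", s, hits[s], first[s], last[s]
    }' | sort -k2,2nr -k1,1
}

printf '%s\n' "$SAMPLE_LOG" | summarize_portscan
```

On a live host, feed it the kernel log instead of the sample, wherever your syslog daemon writes it.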
  • From Enric Lleal Serra@2:343/107.1 to Antonio Hernandez on Mon May 26 08:05:43 2014
    Hello Antonio!

    On Saturday 24 May 2014 at 22:17, Antonio Hernandez wrote to All:

    A small script to avoid being a victim of nmap using iptables. The source is http://geekscripting.blogspot.mx/

    Interesting. I'll save it for when I stop using the router's NAT and use a real firewall. ;-)

    -
    See you!!
    Enric
    __________________________________________________________________
    FidoNet: 2:343/107.1 | beholderbbs.org | fidonet.cat | .es | .ws
    InterNet: kishpa(at)kishpa(dot)com | kishpa.com | GPG#0xDCCB8CFC

    ... Illustrious men have the whole earth for their tomb. (Pericles)
    --- crashmail + golded + binkd
    * Origin: Black flag & crossed bones : Eye Of The Beholder BBS! (2:343/107.1)