begin quote
On Tue, 05 Aug 2003 14:55:31 -0500
Mike Bellemare [EMAIL PROTECTED] wrote:
Hi,
I've built myself a firewall with iptables.
It's working great and all, except that I used nmap to check whether I
could see some difference with the OS detection option, and it's
making none.
Remote operating system guess: Linux kernel 2.4.18 - 2.4.20 (X86)
As I read somewhere on the internet, it's more secure if you're hiding
the OS running on the web server. Does anyone know how to stop my
server from delivering such information?
Nope, there is no such thing unless you do:
iptables -t nat -A PREROUTING -i outside_interface -m state --state ESTABLISHED --jump ACCEPT
iptables -t nat -A PREROUTING -i outside_interface -m state --state RELATED --jump ACCEPT
iptables -t nat -A PREROUTING -i outside_interface --jump DROP
Which should drop most things, even empty SYN or RST packets.
(PREROUTING is done before anything, even INPUT.)
//Spider
I'd also like to know if there's a way to make iptables log
unsuccessful and successful connections on my IP address.
Another thing... does anyone have some programs or ways to check if my
server is secure (on the connection side)?
Thanks
M.B
begin .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end