Stealth port with iptables

Greetings,

I have a question about setting a stealth port for my IP with iptables.

I've tried:

iptables -A INPUT -p tcp -s 0/0 -d 10.10.1.2 -j REJECT --reject-with tcp-reset

and if I run nmap I get:

nmap 10.10.1.2

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
All 1542 scanned ports on (10.10.1.2) are: closed

As you can see, nmap reports CLOSED status (not stealth).

To also limit ICMP traffic, I should add this rule:

iptables -A INPUT -p icmp -s 0/0 -d 10.10.1.2 -j DROP

Now my questions:

1) Should I use -j DROP instead of -j REJECT --reject-with tcp-reset?

2) Should I add a specific rule for each protocol (tcp, udp, icmp, and so on), or can I give one all-inclusive command?

3) I'm already using portsentry and iptables, and I'm planning to add snort and Acid. Do you think there is still something else I could add to be sure?

Last thing: after trying to set -j DROP, I ran nmap:

nmap 10.10.1.2

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0

I started nmap with -P0, but after a long time it is still running without giving me any result.

Thank you.
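As an added illustration (not part of the original post or any reply to it): a default-deny, stateful INPUT chain for the 10.10.1.2 host from the question, assuming a kernel with the conntrack match. It shows the two points asked about in code: DROP rather than REJECT so unused ports stay silent, and a chain policy (or a rule with no -p) that covers every protocol at once, ICMP included. The IPT variable defaults to a dry run that only prints the commands; set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Default-deny stateful firewall
# for the host in the question. IPT="echo iptables" previews the rules;
# IPT=iptables applies them (requires root).
IPT="${IPT:-echo iptables}"
HOST="${HOST:-10.10.1.2}"

# Flush INPUT and make DROP the default. A chain policy applies to every
# protocol, so no separate tcp/udp/icmp catch-all rule is needed.
stealth_policy() {
    $IPT -F INPUT
    $IPT -P INPUT DROP
}

# Keep loopback and replies to connections we opened ourselves working.
allow_established() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -d "$HOST" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Expose one TCP service (e.g. 22). Everything not listed here is dropped,
# never rejected, so a scanner sees "filtered" instead of "closed".
allow_service() {
    port="$1"
    $IPT -A INPUT -p tcp -d "$HOST" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

# Log remaining probes (rate-limited) so they show up in syslog, then drop.
# No -p on either rule: a single rule matches all protocols.
log_and_drop_rest() {
    $IPT -A INPUT -d "$HOST" -m limit --limit 5/min -j LOG --log-prefix "STEALTH-DROP: "
    $IPT -A INPUT -d "$HOST" -j DROP
}

# Build the whole chain; optional first argument is a TCP port to allow.
apply_stealth_ruleset() {
    stealth_policy
    allow_established
    if [ -n "${1:-}" ]; then
        allow_service "$1"
    fi
    log_and_drop_rest
}

apply_stealth_ruleset "${1:-}"
```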
