One advantage is that ACK scans are no longer possible.
Example:
% sudo nmap -sA plop -v -F
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-05-09 21:01 CEST
Initiating ACK Scan against plop (192.168.0.42) at 21:01
Interesting ports on plop (192.168.0.42):
(The 1209 ports scanned but not shown below are in state: filtered)
PORT    STATE      SERVICE
21/tcp  UNfiltered ftp
22/tcp  UNfiltered ssh
25/tcp  UNfiltered smtp
80/tcp  UNfiltered http
443/tcp UNfiltered https
993/tcp UNfiltered imaps
Nmap run completed -- 1 IP address (1 host up) scanned in 54.642 seconds
Now let's change our firewall rules, this time without the nasty mistake:
% sudo nmap -sA plop -v -F
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-05-09 21:04 CEST
Host plop (192.168.0.42) appears to be up ... good.
Initiating ACK Scan against plop (192.168.0.42) at 21:04
All 1217 scanned ports on plop (192.168.0.42) are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 57.622 seconds
Goodbye ACK Scan :)
This should be mentioned in a FAQ or the HOWTO!
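The comparison of the two runs above can be automated as a regression check on your own firewall after each rule change. The following is an added example, not part of the original post: it parses `nmap -sA` text output and passes only when no port is reported as unfiltered. The function names and the sample reports (constructed, modelled on the two runs above) are assumptions.

```python
import re

# Constructed sample reports, modelled on the two nmap -sA runs shown above.
BEFORE = """\
Interesting ports on plop (192.168.0.42):
(The 1209 ports scanned but not shown below are in state: filtered)
PORT    STATE      SERVICE
21/tcp  UNfiltered ftp
22/tcp  UNfiltered ssh
80/tcp  UNfiltered http
"""
AFTER = """\
Host plop (192.168.0.42) appears to be up ... good.
All 1217 scanned ports on plop (192.168.0.42) are: filtered
"""

# One row of the port table: "<port>/tcp <state> <service>"
PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)$", re.I)
# Summary line nmap prints when every port is in the same state
ALL_LINE = re.compile(r"^All \d+ scanned ports on .* are: (\S+)$", re.I)


def unfiltered_ports(report):
    """Return [(port, service)] for ports in state 'unfiltered',
    i.e. ports where the bare ACK probe got through the firewall."""
    hits = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(2).lower() == "unfiltered":
            hits.append((int(m.group(1)), m.group(3)))
    return hits


def ack_scan_blocked(report):
    """True only if the report says all scanned ports are filtered.

    Conservative by design: an empty, truncated or unrecognised report
    returns False, because missing evidence is not a pass."""
    if unfiltered_ports(report):
        return False
    for line in report.splitlines():
        m = ALL_LINE.match(line.strip())
        if m and m.group(1).lower() == "filtered":
            return True
    return False


if __name__ == "__main__":
    for name, report in (("before", BEFORE), ("after", AFTER)):
        print(name, ack_scan_blocked(report), unfiltered_ports(report))
```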