23 декабря, 2020 
kevich ЗАЩИТА ОТ СКАНИРОВАНИЯ
-A INPUT -m recent –rcheck –seconds 86400 –name portscan –mask 255.255.255.255 –rsource -j portscan
-A INPUT -m recent –rcheck –seconds 86400 –name UDP_FLOOD –mask 255.255.255.255 –rsource -j portscan
-A INPUT -m recent –remove –name portscan –mask 255.255.255.255 –rsource
-A INPUT -m recent –remove –name UDP_FLOOD –mask 255.255.255.255 –rsource
-A INPUT -p tcp -m tcp -m recent –set –name portscan –mask 255.255.255.255 –rsource -m state –state NEW -j portscan
-A INPUT -p udp -m state –state NEW -m recent –set –name Domainscans –mask 255.255.255.255 –rsource
-A INPUT -p udp -m state –state NEW -m recent –rcheck –seconds 5 –hitcount 5 –name Domainscans –mask 255.255.255.255 –rsource -j UDP
-A INPUT -p udp -m string –hex-string “|0000ff0001|” –algo bm –to 65535 -j domainscan
-A INPUT -p udp -m udp –dport 53 -m state –state NEW -m recent –set –name Domainscans –mask 255.255.255.255 –rsource -j ACCEPT
-A INPUT -p udp -m state –state NEW -m recent –update –seconds 1 –hitcount 10 –name Domainscans –mask 255.255.255.255 –rsource -j domainscan
-A UDP -j LOG –log-prefix “UDP_FLOOD ”
-A UDP -p udp -m state –state NEW -m recent –set –name UDP_FLOOD –mask 255.255.255.255 –rsource
-A UDP -j DROP
-A domainscan -j LOG –log-prefix “Blocked_domain_scans ”
-A domainscan -p tcp -m state –state NEW -m recent –set –name Webscanners –mask 255.255.255.255 –rsource
-A domainscan -j DROP
-A portscan -j LOG –log-prefix “Blocked_scans ”
-A portscan -j DROP
Опубликовано в рубрике 