jmarcus Apprentice
Joined: 12 Jun 2004 Posts: 197
Posted: Wed Jun 08, 2005 2:36 pm Post subject: Bastille Proper place to add rules
I'm new to Bastille and thought this kind of thing would be listed in a FAQ.
While running Nessus, one warning I received was:
Code:
Warning found on port general/tcp
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
I was searching for an iptables command to deal with this issue and came up with:
Code:
# Log SYN+FIN packets (rate-limited), then drop them. HOST/MASK and LOGLEVEL are placeholders.
iptables -A INPUT -p tcp -d HOST/MASK --tcp-flags SYN,FIN SYN,FIN -m limit --limit 10/m -j LOG --log-level LOGLEVEL --log-prefix "bogus packet: "
iptables -A INPUT -p tcp -d HOST/MASK --tcp-flags SYN,FIN SYN,FIN -j DROP
What Bastille file should I add these lines to?
Thanks
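As an added example, not code from the post, from Nessus or from Bastille: the snippet below models the semantics of the iptables `--tcp-flags MASK COMP` match the post relies on, so you can see which flag combinations `--tcp-flags SYN,FIN SYN,FIN` catches (including SYN+FIN with ACK also set, since only the bits named in MASK are examined) and which legitimate handshake and teardown segments it leaves alone. It also renders a log/drop rule pair for each combination. The list of extra "bogus" combinations beyond SYN+FIN, the sample packets and the log prefix are assumptions for illustration; the flag bit values are the standard TCP header bits.

```python
"""Added example (not from the post, Nessus or Bastille): a model of the
iptables '--tcp-flags MASK COMP' match, used to show which TCP flag
combinations the SYN,FIN rule catches and which legitimate packets it
leaves alone, plus a generator for the matching log/drop rule pairs.
The sample packets and the rule list beyond SYN+FIN are constructed
assumptions for illustration."""

TCP_FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04,
    "PSH": 0x08, "ACK": 0x10, "URG": 0x20,
}
ALL_FLAGS = 0x3F


def parse_flag_list(spec):
    """Turn an iptables flag list ('SYN,FIN', 'ALL', 'NONE') into a bitmask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return ALL_FLAGS
    if spec == "NONE":
        return 0
    bits = 0
    for name in spec.split(","):
        bits |= TCP_FLAG_BITS[name]  # KeyError on an unknown flag name
    return bits


def tcp_flags_match(mask_spec, comp_spec, packet_flags):
    """iptables semantics: look only at the bits named in MASK, and match
    when exactly the bits named in COMP are set among them."""
    mask = parse_flag_list(mask_spec)
    comp = parse_flag_list(comp_spec)
    if comp & ~mask:
        raise ValueError("COMP flags must be a subset of MASK")
    return (packet_flags & mask) == comp


# (MASK, COMP) pairs for flag combinations no valid TCP segment carries.
# The first pair is the SYN+FIN case Nessus reported; the rest are the
# usual companions (assumed list, not from the post).
BOGUS_FLAG_RULES = [
    ("SYN,FIN", "SYN,FIN"),   # SYN and FIN together
    ("SYN,RST", "SYN,RST"),   # SYN and RST together
    ("FIN,RST", "FIN,RST"),   # FIN and RST together
    ("FIN,ACK", "FIN"),       # FIN without ACK
    ("ALL", "NONE"),          # no flags at all (null scan)
    ("ALL", "ALL"),           # every flag set
]


def classify_flags(packet_flags):
    """Return the (MASK, COMP) of the first bogus rule the packet hits,
    or None when the flag combination is legitimate."""
    for mask, comp in BOGUS_FLAG_RULES:
        if tcp_flags_match(mask, comp, packet_flags):
            return (mask, comp)
    return None


def iptables_rules(chain="INPUT", log_limit="10/m", prefix="bogus packet: "):
    """Render a rate-limited LOG rule and a DROP rule for each bogus
    combination, in the order the post uses: log first, then drop."""
    lines = []
    for mask, comp in BOGUS_FLAG_RULES:
        base = f"iptables -A {chain} -p tcp --tcp-flags {mask} {comp}"
        lines.append(f'{base} -m limit --limit {log_limit} -j LOG --log-prefix "{prefix}"')
        lines.append(f"{base} -j DROP")
    return lines


# Constructed sample packets: description -> TCP flag byte.
SAMPLE_PACKETS = {
    "plain SYN (new connection)": TCP_FLAG_BITS["SYN"],
    "SYN/ACK (handshake reply)": TCP_FLAG_BITS["SYN"] | TCP_FLAG_BITS["ACK"],
    "FIN/ACK (normal close)": TCP_FLAG_BITS["FIN"] | TCP_FLAG_BITS["ACK"],
    "SYN/FIN (the Nessus probe)": TCP_FLAG_BITS["SYN"] | TCP_FLAG_BITS["FIN"],
    "SYN/FIN/ACK": TCP_FLAG_BITS["SYN"] | TCP_FLAG_BITS["FIN"] | TCP_FLAG_BITS["ACK"],
    "no flags (null scan)": 0,
}

if __name__ == "__main__":
    for name, flags in SAMPLE_PACKETS.items():
        verdict = classify_flags(flags)
        outcome = ("legitimate" if verdict is None
                   else f"bogus, matches --tcp-flags {verdict[0]} {verdict[1]}")
        print(f"{name:30s} flags=0x{flags:02x} -> {outcome}")
    print()
    print("\n".join(iptables_rules()))
```

Running it shows that a plain SYN, a SYN/ACK and a FIN/ACK all pass, while SYN/FIN passes or fails the rule purely on the two masked bits, so SYN/FIN/ACK is dropped too. The rendered rules put `-m limit` before `-j LOG` so the match options precede the target options, and omit the `-d HOST/MASK` restriction from the post; add it back if you only want the rules applied to specific addresses. The example only models the match; enforcement still depends on the rules being loaded, and this does not answer which Bastille file persists them.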