Home page logo

basics logo Security Basics mailing list archives

Re: Reflexive firewalls?
From: "0x90" <secbasics () spam gagspace com>
Date: Thu, 27 Dec 2007 19:28:35 +0100


My suggestion is google://iptables+recent+example

This is not perfect, it might not even be working, but your solution with nf would probably look something like this:

$IPTABLES -A INPUT -p TCP --dport 1234 \
-m recent --name knock --set -j ACCEPT

$IPTABLES -A INPUT -p TCP --dport 22 -m recent \
--name knock --rcheck --seconds 120 --hitcount 1 -j ACCEPT


----- Original Message ----- From: "Danilo Chilene" <dchilene () impsat com>
To: "Ong Chin Kiat" <ong.chinkiat () gmail com>
Cc: <security-basics () securityfocus com>
Sent: Thursday, December 27, 2007 7:02 PM
Subject: Re: Reflexive firewalls?

I know how do this with PF.

Don't have any idea with iptables. :(

Ong Chin Kiat wrote:
Hi list,

I've recently used an SSH server that had an interesting
authentication mechanism. You first had to telnet to the machine on a
certain port. After doing this (it will just time out - no prompt),
you then SSH to the server in question. The telnet step has to be
carried out, if not SSH will just time out.

My question is, is this called reflexive firewalling, and can I
duplicate this with iptables?


Danilo F. Chilene

Especialista SO

Global Crossing Limited

Tel.: (55 11) 3957-2945

Cel.: (55 11) 8231-1851

danilo.chilene () globalcrossing com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]