One of the rules to prevent unexpected attacks is to prevent SYN & FIN being used together.
SYN and FIN are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
How do I use hping to test if this iptables rule works?
hping3 192.168.7.0 --keep -S -F???
Is this complete?
When I just type iptables -L, it shows:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
WHY do I need to put the "SYN,FIN" twice before drop?
Is it because one for source and one for destination?
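
An added example, not part of the original post: the two lists given to --tcp-flags are a mask (which flags to examine) and a comparison list (which of the examined flags must be set), and a packet matches when (flags & mask) == comp. The Python sketch below models that check over constructed flag combinations; the function names and sample list are hypothetical.

```python
# Added example: models the mask/comp semantics of iptables' --tcp-flags option.
# It does not send packets; it only evaluates which flag combinations a rule matches.

# TCP header flag bits (byte 13 of the TCP header).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_flags(spec):
    """Turn a comma-separated list such as 'SYN,FIN' into a bitmask.
    ALL and NONE are accepted, as they are by iptables."""
    bits = 0
    for name in spec.upper().split(","):
        if name == "ALL":
            bits |= 0x3F
        elif name != "NONE":
            bits |= FLAGS[name]
    return bits


def tcp_flags_match(mask, comp, packet):
    """True when, among the flags listed in mask, exactly those in comp are set."""
    m, c, p = parse_flags(mask), parse_flags(comp), parse_flags(packet)
    return (p & m) == c


# Constructed sample packets, described by the flags they carry.
SAMPLES = ["SYN", "SYN,ACK", "FIN,ACK", "SYN,FIN", "SYN,FIN,ACK", "SYN,FIN,PSH,URG"]


def matched_by(mask, comp):
    """Return the sample packets a '--tcp-flags mask comp' rule would match."""
    return [p for p in SAMPLES if tcp_flags_match(mask, comp, p)]


if __name__ == "__main__":
    rules = [
        ("SYN,FIN", "SYN,FIN"),  # the rule from the question: other flags ignored
        ("ALL", "SYN,FIN"),      # stricter: only SYN+FIN and nothing else
        ("SYN,FIN", "SYN"),      # SYN set and FIN clear
    ]
    for mask, comp in rules:
        print(f"--tcp-flags {mask} {comp} matches: {matched_by(mask, comp)}")
```

The iptables -L output prints the same pair as tcp flags:mask/comp, which is why FIN,SYN appears on both sides of the slash.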
Best Answer
I use nmap: