Iptables – How to test if SYN and FIN are both dropped at the same time in hping3

iptables

One of the rules to prevent unexpected attacks is to prevent SYN & FIN being used together.

SYN and FIN are both set

$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

How do I use hping to test if this iptables rule works?
hping3 192.168.7.0 --keep -S -F???
Is this complete?

When I just type iptables -L, it shows:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN

WHY do I need to put the "SYN,FIN" twice before drop?
Is it because one for source and one for destination?

Best Answer

I use nmap:

# nmap --scanflags SYN,FIN HOSTNAME
# iptables -nv -L
Chain INPUT (policy ACCEPT 866K packets, 457M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  120  5280 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03
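The two things the thread turns on, why `--tcp-flags` takes the flag list twice and how to confirm the rule counts packets on a host you administer, can be seen in the following added example (it is not code from the question or the answer). The first argument is the MASK (which flag bits iptables examines), the second is COMP (which of those bits must be set); that is what the `0x03/0x03` in the answer's `iptables -nv -L` output shows. `flag_bits`, `tcp_flags_match`, `probe_syn_fin` and the placeholder target are my own names and assumptions; the hping3 options `-S`, `-F`, `-p` and `-c` are hping3's real switches.

```shell
#!/bin/sh
# Added example, not from the original post: model of the --tcp-flags MASK/COMP
# match, plus a guarded hping3 probe against a host you administer.

# TCP flag bit values as they appear in the header and in the 0x03/0x03
# that `iptables -nv -L` prints: FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20
flag_bits() {
  # Turn "SYN,FIN" (or ALL / NONE) into a numeric bitmask.
  total=0
  for f in $(printf '%s' "$1" | tr ',' ' '); do
    case "$f" in
      FIN) b=1 ;; SYN) b=2 ;; RST) b=4 ;; PSH) b=8 ;; ACK) b=16 ;; URG) b=32 ;;
      ALL) b=63 ;; NONE) b=0 ;;
      *) echo "unknown flag: $f" >&2; return 1 ;;
    esac
    total=$((total | b))
  done
  echo "$total"
}

# tcp_flags_match MASK COMP PACKET_FLAGS -> exit 0 when the rule matches.
# iptables looks only at the bits named in MASK and requires exactly the
# COMP bits to be set among them; bits outside MASK are ignored, which is
# why "SYN,FIN SYN,FIN" also catches SYN+FIN+ACK, while "ALL SYN,FIN"
# would match a packet carrying SYN and FIN and nothing else.
tcp_flags_match() {
  mask=$(flag_bits "$1") || return 2
  comp=$(flag_bits "$2") || return 2
  pkt=$(flag_bits "$3") || return 2
  [ $(( pkt & mask )) -eq "$comp" ]
}

# Walk a few constructed flag combinations through the rule from the question.
demo() {
  for pkt in SYN,FIN SYN,FIN,ACK SYN FIN ACK; do
    if tcp_flags_match SYN,FIN SYN,FIN "$pkt"; then
      echo "$pkt -> DROP"
    else
      echo "$pkt -> not matched by this rule"
    fi
  done
}

# Probe your own firewall with hping3 (the question's tool): -S -F sets
# SYN+FIN, -p picks the port, -c limits the packet count. Runs only as root
# with hping3 and iptables installed; the target defaults to localhost
# (placeholder, replace with a host you administer).
probe_syn_fin() {
  target=${1:-127.0.0.1}
  command -v hping3 >/dev/null 2>&1 || { echo "hping3 not installed"; return 0; }
  [ "$(id -u)" -eq 0 ] || { echo "run as root to send raw packets"; return 0; }
  hping3 -S -F -p 80 -c 3 "$target"
  # The DROP rule's pkts counter should have grown by 3:
  iptables -nv -L INPUT | grep 'flags:0x03/0x03'
}

demo
```

Run it as an unprivileged user to see the match table; run `probe_syn_fin` as root on the firewall host to watch the rule's `pkts` column move.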