Please enable JavaScript to view this site.

Firewall Rules Against Bad TCP Settings

IPtables firewall rules - add protection against unusual (possibly malicious) TCP settings:

To add these rules, go to the command line and enter the following commands:

sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
sudo iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
sudo iptables -A INPUT -m state --state INVALID -j DROP
sudo iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Refer to Ask Ubuntu discussion.

Make the new rules permanent by running the following command:

sudo iptables-save

See the following cheatsheet for more information.

* posted by Robert on Sun, Jun 30, 2024

Firewall Rules Against Bad TCP Settings

Reply 1:

As a test, I used Kali Linux Hping3 to launch a syn flood attack against my own website. The IPtables firewall rules proved effective. The syn flood attack failed miserably as shown by the screenshot below:

syn flood attack results

* posted by Robert on Sun, Jun 30, 2024

Return to Weblog Home