Many network services use Linux and install Apache server software. Attackers can use NMAP to scan web sites. Now they share their defense experience.
In this example, we can set it to make Linux ignore NMAP scanning. The iptables tool is used to filter network information and prevent the system from responding to scan requests. To
To improve the security of the server.
Run the following command: www.2cto.com
# Iptables-F
# Iptables-a input-p tcp -- tcp-flags all fin, URG, PSH-j Drop
# Iptables-a input-p tcp -- tcp-flags SYN, rst syn, RST-j Drop
# Iptables-a input-p tcp -- tcp-flags SYN, fin syn, FIN-j Drop
# Iptables-a input-p tcp -- tcp-flags SYN, SYN -- dport 80-j Drop
After running the preceding command, Linux will filter the scan information from NMAP, and hackers will not be able to obtain information such as the active TCP port and operating system version, so the server will be more secure.
From computer manual Network