TCP SYN packets
Posted: 30 Dec 2007, 22:48
Hello,
I'm new to CSF and firewalls in general. I'm trying to complete a PCI scan and I was told by the company doing the scanning that I needed to block SYN packets to certain ports.
This is exactly what was said:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP SYN packets going to this port, regardless of the source port.
I have the TCP incoming ports set up to this:
20,21,22,53,80,443,953,2077,2082,2083,2086,2087
However this is the result of the scan:
The host responded 4 times to 4 TCP SYN probes sent to destination port 1027 using source port 53. However, it did not respond at all to 4 TCP SYN probes sent to the same destination port using a random source port.
I thought that not allowing the port to be open meant there could be no traffic through it. How would I lock it down even more?
Thank you in advance for any help in this matter.
Marcel
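The scan finding above (SYN probes to a closed port answered when they come from source port 53, but not from a random source port) is the classic signature of a firewall rule that accepts inbound TCP on the basis of the source port alone, typically a rule meant to let DNS replies back in. Whether that is the rule on Marcel's server is an assumption; the point is what such a rule does. The following is an added example, not part of the forum post and not CSF's own code: a small model of iptables-style rule evaluation that runs the two probes from the report against a rule set with a source-port allow and against a rule set that admits replies only through connection tracking. The rule sets, the probe packets and the `conntrack_state` simplification are all constructed for the example.

```python
"""Added example (not from the forum post or from CSF): a small model of how
iptables-style rules treat TCP SYN probes, showing why a rule that accepts
inbound TCP by source port alone lets a SYN with source port 53 reach a port
that is not in the allowed list, and how a conntrack-based rule set avoids it.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# The TCP_IN list quoted in the post.
TCP_IN = frozenset({20, 21, 22, 53, 80, 443, 953, 2077, 2082, 2083, 2086, 2087})


@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int
    syn: bool = False          # SYN flag set
    ack: bool = False          # ACK flag set
    established: bool = False  # conntrack already tracks this flow


@dataclass(frozen=True)
class Rule:
    """One rule; every set field must match, like iptables match extensions."""
    target: str                                   # "ACCEPT" or "DROP"
    sport: Optional[int] = None                   # --sport
    dports: FrozenSet[int] = frozenset()          # -m multiport --dports
    syn_only: bool = False                        # --syn (SYN set, ACK clear)
    states: FrozenSet[str] = frozenset()          # -m conntrack --ctstate

    def matches(self, p: "Packet") -> bool:
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dports and p.dport not in self.dports:
            return False
        if self.syn_only and not (p.syn and not p.ack):
            return False
        if self.states and conntrack_state(p) not in self.states:
            return False
        return True


def conntrack_state(p: Packet) -> str:
    """Simplified conntrack (assumption for the model): a tracked flow is
    ESTABLISHED, a fresh SYN is NEW, and an untracked non-SYN packet is INVALID."""
    if p.established:
        return "ESTABLISHED"
    if p.syn and not p.ack:
        return "NEW"
    return "INVALID"


def verdict(rules: List[Rule], p: Packet, policy: str = "DROP") -> str:
    """First matching rule wins; otherwise the chain policy applies."""
    for r in rules:
        if r.matches(p):
            return r.target
    return policy


# Weak rule set (assumed, for illustration): a blanket "accept anything from
# source port 53" rule intended for DNS replies, placed before the dport checks.
WEAK = [
    Rule("ACCEPT", sport=53),
    Rule("ACCEPT", dports=TCP_IN, syn_only=True),
]

# Hardened rule set: replies are admitted only via conntrack state, and a
# SYN is admitted only when it is NEW and aimed at a listed port.
HARDENED = [
    Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})),
    Rule("ACCEPT", dports=TCP_IN, syn_only=True, states=frozenset({"NEW"})),
]

# Constructed probes mirroring the scan report.
SYN_FROM_53 = Packet(sport=53, dport=1027, syn=True)
SYN_FROM_RANDOM = Packet(sport=40123, dport=1027, syn=True)
# A legitimate DNS reply to a query this host sent (so conntrack tracks it).
DNS_REPLY = Packet(sport=53, dport=40123, syn=True, ack=True, established=True)
SYN_TO_WEB = Packet(sport=40124, dport=80, syn=True)


def compare(p: Packet) -> Dict[str, str]:
    """Verdict of each rule set for one packet."""
    return {"weak": verdict(WEAK, p), "hardened": verdict(HARDENED, p)}


if __name__ == "__main__":
    for name, pkt in [("SYN to 1027 from sport 53", SYN_FROM_53),
                      ("SYN to 1027 from random sport", SYN_FROM_RANDOM),
                      ("DNS reply to our own query", DNS_REPLY),
                      ("SYN to port 80", SYN_TO_WEB)]:
        print(f"{name:32s} {compare(pkt)}")
```

Running it reproduces the scanner's observation for the weak set (the SYN from source port 53 is accepted, the one from a random source port is dropped) while the hardened set drops both, yet still admits the genuine DNS reply and a SYN to port 80. In real iptables the hardened shape is `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` followed by `-p tcp --syn -m multiport --dports 20,21,22,... -m conntrack --ctstate NEW -j ACCEPT`, with a default DROP policy; `iptables -L INPUT -n --line-numbers` shows whether an `spt:53` accept rule sits in the chain.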