As a result of Nessus scans, we noticed that this vulnerability appeared on our servers. --> https://www.tenable.com/plugins/nessus/17296
Interestingly, it appears on some of our server tiers, while others do not show it. I wanted to research this vulnerability, but I couldn't find much information on the internet.
We tried some methods to fix this problem. One of them was adding a rule to the mangle table. We examined the iptables procedure and saw that this method is used in many places to take precautions against DoS attacks. We added it as an iptables rule on our own server and looked at the results we got.
But that didn't work either. While the error was no longer seen on some of our servers, it was seen again on others.
Block Invalid Packets
iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP

This rule blocks all packets that are not a SYN packet and don't belong to an established TCP connection.

Block New Packets That Are Not SYN
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
What could be the reason for this error? How can it be resolved? I need ideas like these. Thanks in advance for the answers.
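To make it clearer what the two mangle-table rules in the post actually drop (and what they leave alone), here is a small simulation. It is an added example, not code from the original post or from any guide the rules were copied from. It approximates the conntrack states the rules match on (NEW, ESTABLISHED, INVALID) for TCP and runs a constructed packet trace through the two rules in chain order. Real nf_conntrack also checks sequence and window sanity, timeouts and connection teardown; none of that is modelled. All addresses, ports and the `ConntrackLite` class are assumptions made for the example.

```python
"""Simplified model of the two mangle-table PREROUTING rules.

Added example, not code from the original post. Constructed sample data
only; the state machine is a deliberate simplification of nf_conntrack.
"""
from dataclasses import dataclass

# TCP flag bits
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def flow_key(p: Packet):
    """Direction-independent connection identity (both endpoints, sorted)."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def is_syn_only(flags: int) -> bool:
    """iptables --syn: SYN set and ACK, RST, FIN all clear."""
    return flags & (SYN | ACK | RST | FIN) == SYN


class ConntrackLite:
    """Tiny stand-in for the nf_conntrack TCP state table (assumed helper).

    `loose` mirrors the sysctl net.netfilter.nf_conntrack_tcp_loose: when 1
    (the kernel default) a non-SYN packet for an unknown flow is picked up
    as NEW; when 0 it is classified INVALID instead.
    """

    def __init__(self, loose: bool = True):
        self.loose = loose
        self.flows = set()

    def ctstate(self, p: Packet) -> str:
        # SYN combined with FIN or RST is never a legitimate segment
        if p.flags & SYN and p.flags & (FIN | RST):
            return "INVALID"
        key = flow_key(p)
        if key in self.flows:
            return "ESTABLISHED"
        if is_syn_only(p.flags) or self.loose:
            self.flows.add(key)      # first packet seen for this flow
            return "NEW"
        return "INVALID"             # mid-stream packet with tcp_loose=0


RULE1 = "DROP by rule 1 (--ctstate INVALID)"
RULE2 = "DROP by rule 2 (! --syn --ctstate NEW)"
ACCEPT = "ACCEPT"


def mangle_prerouting(ct: ConntrackLite, p: Packet) -> str:
    """Apply the two rules in chain order and return the verdict."""
    state = ct.ctstate(p)
    if state == "INVALID":
        return RULE1
    if state == "NEW" and not is_syn_only(p.flags):
        return RULE2
    return ACCEPT


def run_trace(packets, loose: bool = True):
    ct = ConntrackLite(loose=loose)
    return [mangle_prerouting(ct, p) for p in packets]


SERVER = ("192.0.2.10", 80)
# Constructed trace: a normal handshake, then two anomalous packets,
# then a segment on the already established flow.
TRACE = [
    Packet("198.51.100.7", 40000, *SERVER, SYN),        # 1 handshake SYN
    Packet(*SERVER, "198.51.100.7", 40000, SYN | ACK),  # 2 SYN/ACK reply
    Packet("198.51.100.7", 40000, *SERVER, ACK),        # 3 final ACK
    Packet("203.0.113.5", 50000, *SERVER, ACK),         # 4 bare ACK, no handshake
    Packet("203.0.113.9", 50001, *SERVER, SYN | FIN),   # 5 impossible flag combo
    Packet("198.51.100.7", 40000, *SERVER, FIN | ACK),  # 6 close on the real flow
]

if __name__ == "__main__":
    for p, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"flags=0x{p.flags:02x}  {verdict}")
```

Run as-is, the trace shows that a complete handshake and later segments on that flow pass both rules, a bare ACK with no prior SYN is dropped by rule 2 (or by rule 1 when `loose=False`), and a SYN/FIN segment is dropped by rule 1. In other words, the rules only act on TCP state anomalies at the packet level. On a real host, `iptables -t mangle -L PREROUTING -v -n` shows the per-rule packet counters, and `sysctl net.netfilter.nf_conntrack_tcp_loose` shows which of the two classifications a mid-stream packet gets; if the counters stay at zero while the scanner still reports the finding, the finding is not something these two rules can influence.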