How to stop nmap port scans on my live servers?
Try this nice little script that will lock down nmap. Test it out today and it should do the trick.

#!/bin/bash
# Kernel hardening. Everything below is IPv4 only: ip6tables is not touched,
# so IPv6 stays open unless you repeat the rules there.
# Drop source-routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Enable TCP SYN cookies (SYN flooding protection)
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Drop ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# Enable source address spoofing protection (reverse path filtering)
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# Enable logging of packets with forged source addresses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# Flush all iptables chains and delete user-defined ones so the script can be
# re-run cleanly (--flush alone leaves the LOGGING chain behind and -N would fail)
iptables --flush
iptables --delete-chain

# Allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT

# Set default policies
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

# Mess up nmap scan timing and start dropping packets: every new TCP connection
# from a source is recorded, and from the 7th within 30 seconds they are dropped.
# This counts every port, open or closed, and also caps legitimate clients that
# open many parallel connections (a browser fetching one page).
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m recent --set
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 7 -j DROP

# Allow previously initiated connections to bypass the rules
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

# Defeat nmap port scanning in non-standard configurations (NULL, XMAS, FIN scans, etc.)
# "ALL x" matches packets with exactly the flags x set; "SYN,RST SYN,RST" matches
# both set regardless of the rest.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP            # NULL scan (no flags)
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP     # XMAS scan
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP     # SYN+RST is never valid
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP     # SYN+FIN is never valid
iptables -A INPUT -p tcp --tcp-flags ALL FIN -j DROP             # FIN scan

# Allow incoming traffic to our FTP server (control channel; passive data
# connections only match RELATED above if the nf_conntrack_ftp helper is loaded)
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Allow incoming traffic to SSH
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Allow incoming traffic to Apache: HTTP, plus HTTPS if you use SSL on your
# web server (remove the 443 line if you do not)
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

# Log and drop everything else. The LOG rule is rate limited so a scan cannot
# fill the disk with kernel log lines, and prefixed so the lines are easy to grep.
iptables -N LOGGING
iptables -A LOGGING -m limit --limit 10/min -j LOG --log-prefix "iptables-dropped: "
iptables -A LOGGING -j DROP
iptables -A INPUT -j LOGGING

Notes: For access through a VPN, you can close off ports 80 and 443 by commenting out these two lines in the script:

#Allow incoming traffic to Apache
#iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

This will effectively close both ports. I tested this on my web servers and it worked.

Or:

This is a simple Perl script I'm giving you. Just give your INPUT file name and OUTPUT file name and you will get your answer!!
######################
#!/usr/bin/perl
use strict;
use warnings;

# Ask for the input file and slurp it into memory
print "enter your INPUT file name\n";
my $inp1 = <STDIN>;
chomp($inp1);
open(my $kk1, '<', $inp1) or die "cannot open $inp1: $!";
my @a1 = <$kk1>;
close($kk1);

# New file for OUTPUT
print "enter your OUTPUT file name\n";
my $inp2 = <STDIN>;
chomp($inp2);
open(my $mm, '>', $inp2) or die "cannot open $inp2: $!";

# Loop over the input file: split each line on whitespace and write the
# 3rd, 6th and 7th columns (indices 2, 5, 6), tab separated; a missing
# column is written as an empty field rather than triggering a warning
foreach my $b1 (@a1) {
    chomp($b1);
    my @c1 = split(/\s+/, $b1);
    print {$mm} join("\t", map { $_ // '' } @c1[2, 5, 6]), "\n";
}
close($mm);
######################
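As an added example that is not part of either answer above: the iptables script in the first answer sends whatever its rules do not accept to a LOG target, so every dropped packet appears in the kernel log as a line like `kernel: IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=198.51.100.10 ... PROTO=TCP SPT=40001 DPT=23 ... SYN URGP=0`. Seen from the server, an nmap sweep is one source being dropped on many distinct destination ports in a short time, while a client retrying a single closed port is not. The Python below reads such lines and reports that pattern. It assumes each syslog line starts with an ISO 8601 timestamp (rsyslog's RSYSLOG_FileFormat writes one; adjust the parsing for other formats) and that the LOG rule carries `--log-prefix "iptables-dropped: "` (the stock LOG target prints no prefix, so set LOG_PREFIX to whatever identifies your firewall lines); the sample log is constructed. Two properties of the ruleset set the threshold: the `recent` rule drops silently from the seventh new connection in 30 seconds, so at most six probes per source per window ever reach the log, and the `--tcp-flags` rules also drop silently, so NULL, XMAS and SYN/FIN probes are only logged if those rules jump to LOGGING instead of DROP. `classify_flags` mirrors those rules for that case (ALL means exactly those bits, `SYN,RST SYN,RST` means both set and the rest ignored).

```python
"""Spot nmap-style sweeps in the 'iptables-dropped:' lines the LOG rule emits.

Added example, not part of the original post. Assumes each syslog line starts
with an ISO 8601 timestamp (rsyslog RSYSLOG_FileFormat style) and that the LOG
rule was given --log-prefix "iptables-dropped: "; the sample log is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_PREFIX = "iptables-dropped:"
# KEY=VALUE fields written by the iptables LOG target; TCP flags follow as bare words.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S*)")
FLAG_RE = re.compile(r"\b(CWR|ECE|URG|ACK|PSH|RST|SYN|FIN)\b")


def parse_log_line(line):
    """Turn one firewall log line into a record; None for non-TCP or unrelated lines."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    return {
        "ts": datetime.fromisoformat(line.split(" ", 1)[0]),
        "src": fields["SRC"],
        "dpt": int(fields["DPT"]),
        "flags": frozenset(FLAG_RE.findall(line)),
    }


def classify_flags(flags):
    """Label a flag set the way the script's --tcp-flags rules do, in the same order.
    'ALL x' means exactly x is set; 'SYN,RST SYN,RST' means both set, rest ignored."""
    if not flags:
        return "NULL"            # --tcp-flags ALL NONE
    if flags == {"FIN", "URG", "PSH"}:
        return "XMAS"            # --tcp-flags ALL FIN,URG,PSH
    if {"SYN", "RST"} <= flags:
        return "SYN-RST"         # --tcp-flags SYN,RST SYN,RST
    if {"SYN", "FIN"} <= flags:
        return "SYN-FIN"         # --tcp-flags SYN,FIN SYN,FIN
    if flags == {"FIN"}:
        return "FIN"             # --tcp-flags ALL FIN
    return None                  # ordinary packet, e.g. a plain SYN to a closed port


def find_port_scanners(lines, window_s=30, min_ports=5):
    """Report sources dropped on >= min_ports distinct ports within any window_s-second
    span, with any abnormal flag combinations they sent. min_ports defaults to 5 because
    the recent rule lets at most six new connections per source per 30 s reach the log."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_log_line(line)
        if rec is not None:
            by_src[rec["src"]].append(rec)

    report = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        peak, start = 0, 0
        for end, rec in enumerate(recs):
            # slide the window start forward until it is within window_s of this packet
            while (rec["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            peak = max(peak, len({r["dpt"] for r in recs[start:end + 1]}))
        if peak >= min_ports:
            odd = sorted({k for k in (classify_flags(r["flags"]) for r in recs) if k})
            report[src] = {"max_ports_in_window": peak, "odd_flags": odd}
    return report


def _log(ts, src, dpt, flags):
    """Constructed line in the shape the LOG target writes (TEST-NET addresses)."""
    return (f"{ts} web1 kernel: {LOG_PREFIX} IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=198.51.100.10 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 PROTO=TCP SPT=40001 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 {flags} URGP=0")


SCAN_PORTS = [23, 25, 110, 135, 139, 445]   # closed ports a sweep would hit early

SAMPLE_LOG = (
    # six SYNs from one source inside two seconds: the most the recent rule lets through
    [_log(f"2024-05-01T10:15:{i // 3:02d}+00:00", "203.0.113.7", p, "SYN")
     for i, p in enumerate(SCAN_PORTS)]
    # an XMAS probe: only reaches the log if the --tcp-flags rules jump to LOGGING
    + [_log("2024-05-01T10:15:02+00:00", "203.0.113.7", 8080, "URG PSH FIN")]
    # a client retrying one closed port once a minute for ten minutes: not a scan
    + [_log(f"2024-05-01T10:{m:02d}:00+00:00", "192.0.2.44", 8081, "SYN")
       for m in range(20, 30)]
    # unrelated syslog noise the parser must skip
    + ["2024-05-01T10:21:00+00:00 web1 sshd[812]: Accepted publickey for ops from 192.0.2.44"]
)

if __name__ == "__main__":
    for src, info in find_port_scanners(SAMPLE_LOG).items():
        print(f"{src}: {info['max_ports_in_window']} ports in 30s, odd flags {info['odd_flags']}")
```

Run it as-is to score the constructed sample; on a real server feed it the kernel log lines (/var/log/kern.log or journalctl -k) with the timestamp parsing matched to your syslog format. If the LOG rule is rate limited with `-m limit`, the log is a sample of the drops rather than all of them, so keep the threshold low and treat the count as a floor.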
(c) www.gotothings.com All material on this site is Copyright.