Bugtraq mailing list archives
Re: Ipchains!
From: paul () CARLUCCI NET (Paul D. Carlucci)
Date: Thu, 11 May 2000 01:23:20 -0400
Wacky, I was unable to reproduce this. I've got Slack 4.0 with 2.2.11 + international crypto goodies, and ipchains 1.3.8. I was unable to reproduce this. I let this run for about 15 minutes and nothing bad happened. Here's some stuff about my box: <snip> REJECT udp ----l- 0.0.0.0/0 0.0.0.0/0 * -> !1024: 65535 REJECT tcp -y--l- 0.0.0.0/0 0.0.0.0/0 * -> !1024: 65535 Chain forward (policy ACCEPT): target prot opt source destination ports MASQ tcp ------ 192.168.0.0/16 0.0.0.0/0 * -> * MASQ udp ------ 192.168.0.0/16 0.0.0.0/0 * -> * MASQ icmp ------ 192.168.0.0/16 0.0.0.0/0 * -> * Chain output (policy ACCEPT): gargoyle:~# uname -a Linux gargoyle 2.2.11 #6 Tue Sep 28 18:49:31 EDT 1999 i586 unknown gargoyle:~# ipchains --version ipchains 1.3.8, 27-Oct-1998 gargoyle:~# uptime 1:34am up 26 days, 21:44, 3 users, load average: 2.56, 2.32, 1.38 gargoyle:~# Dimuthu Parussalla wrote:
Ipchains buffer overflow with debian 2.2.10 Kernel. -------------------------------------------------- there is a buffer overflow hang in linux debian distributin kernel 2.2.10 with ipchains 1.3.8, 27-Oct-1998. here is the explanation. We tested with a linux running with debian above version of kernel and ipchains. first we setup the linux box to handle IP Masquerading as follows. ipchains -A forward -j MASQ -s 192.168.0.0/16 Then from a local workstation within the 192.168.0.0 network. We ssh to the linux box. and did the following $ping -f <ip.address> And we opend a another ssh session to the linux box and did the following $ping -l 6512121 <ip.address> After a few minutes. Ipchains hangs and the linux server hangs.. Ipchains-patch.gz will fix the problem. ---------------------- THE UNDERTAKER -> EFNET -> REAL CRACKING !!!REST IN PACE!!!!
Current thread:
- Re: Windows NT/95/98/Possible Others Denial of Service Attack. Mi crosoft ODBC Database connectivity flaw. Daniel Docekal (May 01)
- SuSE Security Announcement - aaa_base - UPDATE Marc Heuse (May 02)
- Race condition in "rm -r" Morten Welinder (May 03)
- Re: Race condition in "rm -r" Glynn Clements (May 06)
- Re: Race condition in "rm -r" David Brownlee (May 07)
- Re: Race condition in "rm -r" Glynn Clements (May 07)
- Re: Race condition in "rm -r" David Brownlee (May 08)
- Race condition in "rm -r" Morten Welinder (May 03)
- Re: Race condition in "rm -r" Alex Belits (May 07)
- Re: Race condition in "rm -r" Glynn Clements (May 07)
- SuSE Security Announcement - aaa_base - UPDATE Marc Heuse (May 02)
- Ipchains! Dimuthu Parussalla (May 07)
- Re: Ipchains! Paul D. Carlucci (May 10)
- Prevent Current and Future E-Mail Worms AXENT Security Team (May 12)
- Cisco Security Advisory: Cisco IOS HTTP Server Vulnerability Cisco Systems Product Security Incident Response Team (May 15)
- Contemplations : Melissa, I love you - not! Cerberus Security Team (May 08)
- June 2000 FIRST Conference Reminder Roger Safian (May 08)