Nmap Development mailing list archives

Re: [updated patch] fragment scan got broken between 3.50 and 3.75

From: Martin Mačok <martin.macok () underground cz>
Date: Sun, 30 Jan 2005 19:12:33 +0100

On Sun, Jan 30, 2005 at 02:35:18PM +0300, Andrey A. Tutolmin wrote:

MM> Can FreeBSD send tiny fragments (mtu=20+8)? Could you check it with
MM> hping2 or some other tool/lib?

I've just read through man on ipfw
and found out that:
         There is one kind of packet that the firewall will always discard,
         that is a TCP packet's fragment with a fragment offset of one.  This
         is a valid packet, but it only has one use, to try to circumvent
         firewalls.  When logging is enabled, these packets are reported as
         being dropped by rule -1.
So that is why I've been getting this permission denied messages.
I turned off firewall complitely:
sysctl -w net.inet.ip.fw.enable=0


Thank you for bringing this issue up.

Everything works fine right now.


Good news!

Martin Mačok
ICT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75 Martin Mačok (Jan 11)
- Message not available
  - Re: [updated patch] fragment scan got broken between 3.50 and 3.75 Martin Mačok (Jan 29)
    - Message not available
    - Re: [updated patch] fragment scan got broken between 3.50 and 3.75 Martin Mačok (Jan 30)
- Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75 Fyodor (Jan 30)
  - Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75 Martin Mačok (Jan 31)
    - Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75 Martin Mačok (Jan 31)
  - Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75 Martin Mačok (Feb 01)
  - patches against 3.81 Martin Mačok (Feb 07)