Nmap Development mailing list archives

Re: Strange errors with nmap 4.68


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 11 Dec 2008 21:53:04 +0000

On Thu, 11 Dec 2008 14:44:09 -0700
Nathan <nathan.stocks () gmail com> wrote:


> That sounds like exactly what's happening!  A quick "cat
> /proc/net/ip_conntrack" spits out tons of connection tracking info.
> Do I have to turn that off in my kernel config (i.e.
> reconfigure/recompile my kernel) or is there a way to simply toggle it
> on/off?  I'm currently on kernel 2.6.23.
>
> ~ Nathan

Well you can recompile your kernel without connection tracking support
but the better option is to use the NOTRACK chain:

http://security.maruhn.com/iptables-tutorial/x4772.html

There are things though that a stateless firewall can not handle
properly.  I'm not sure what you want your scanning machine to be doing
but after fighting netfilter for over a year I decided that my box can
either scan (exclusive)or it can run a firewall.

Your mileage will vary.

Brandon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
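
The NOTRACK approach mentioned in the reply above, as an added example that is not part of the original message: a script that builds raw-table rules exempting traffic to and from one scanned network from connection tracking. The names `notrack_rules`, `SCAN_NET` and `APPLY` and the sample network 192.0.2.0/24 are assumptions made for illustration; IPv4 only.

```shell
#!/bin/sh
# Added example (not from the original thread): exempt scan traffic from
# connection tracking using the NOTRACK target in the raw table.
# notrack_rules, SCAN_NET and APPLY are hypothetical names for illustration.

# Print an iptables-restore fragment for one IPv4 network (CIDR).
notrack_rules() {
    net="$1"
    # Accept only digits, dots and a slash so nothing else reaches the ruleset.
    case "$net" in
        ''|*[!0-9./]*) echo "invalid network: $net" >&2; return 1 ;;
    esac
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d $net -j NOTRACK
-A PREROUTING -s $net -j NOTRACK
COMMIT
EOF
}

SCAN_NET="${SCAN_NET:-192.0.2.0/24}"   # constructed sample (TEST-NET-1)

if [ "${APPLY:-0}" = 1 ]; then
    # Needs root; --noflush keeps the rules already loaded.
    notrack_rules "$SCAN_NET" | iptables-restore --noflush
else
    # Default: dry run, just show what would be loaded.
    notrack_rules "$SCAN_NET"
fi
```

Untracked packets match state UNTRACKED rather than ESTABLISHED, so filter rules on the same box that depend on connection state have to account for them; this is the stateless limitation the reply refers to.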