Vulnerability Development mailing list archives
RE: Bigger bug than expected?
From: "Christophe Grenier" <christophe.grenier () global-secure fr>
Date: Tue, 5 Mar 2002 11:34:16 +0100
There is NO bug. With correct firewall rules, only TCP and SYN scans work.

iptables -A INPUT -m state --state INVALID -m limit --limit 4/s -j LOG --log-prefix "INPUT INVALID "
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp ! --syn -m state --state NEW -m limit --limit 4/s -j LOG --log-prefix "TCP INPUT without SYN "
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j to-me
iptables -A INPUT -i eth1 -j to-me
iptables -A INPUT -m limit --limit 4/s -j LOG --log-prefix "INPUT bad "
iptables -A INPUT -j DROP

where to-me is a user defined rule where you allowed connection to certain ports.

Extract from nmap documentation:
-sF -sX -sN Stealth FIN, Xmas Tree, or Null scan modes: <snip> The idea is that closed ports are required to reply to your probe packet with an RST, while open ports must ignore the packets in question (see RFC 793 pp 64).
Your stealth packets are dropped by the firewall, check your logs.

Christophe
--
Global Secure
78, rue de la Condamine
75017 PARIS
Tel : 01 44 70 48 03
Fax : 01 44 70 48 49
Email : cgr () global-secure fr
-----Original Message-----
From: Justin Piszcz [mailto:war () starband net]
Sent: Thursday, 28 February 2002 13:27
To: netfilter () lists samba org
Cc: vuln-dev () securityfocus com; bugtraq () securityfocus com
Subject: Bigger bug than expected?

Further NMAP testing shows the following: (IPTables 1.2.4/Kernel 2.4.18)

nmap -P0 -sT -p 21,80 IP
21/tcp filtered ftp
80/tcp filtered http

nmap -P0 -sF -p 21,80 IP
21/tcp open ftp
80/tcp open http

nmap -P0 -sX -p 21,80 IP
21/tcp open ftp
80/tcp open http

nmap -P0 -sN -p 21,80 IP
21/tcp open ftp
80/tcp open http
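An added example, not part of the original message or of the netfilter or nmap projects: one way to carry out the "check your logs" step is to read the kernel log lines written under the two `--log-prefix` strings in the ruleset above and name the probe type from the TCP flags the LOG target prints. The sample lines are constructed (documentation addresses, hypothetical host name `fw`), and the function names are illustrative.

```python
import re
from collections import Counter

# Prefixes set by the --log-prefix options in the ruleset in this message.
PREFIXES = ("INPUT INVALID ", "TCP INPUT without SYN ")
FLAG_NAMES = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def classify(flags):
    """Name the nmap scan mode whose probe carries exactly these TCP flags."""
    if not flags:
        return "null (-sN)"
    if flags == {"FIN"}:
        return "fin (-sF)"
    if flags == {"FIN", "PSH", "URG"}:
        return "xmas (-sX)"
    return "other non-SYN"

def parse_line(line):
    """Return (prefix, src, dport, scan_type), or None for unrelated lines."""
    for prefix in PREFIXES:
        pos = line.find(prefix + "IN=")
        if pos != -1:
            break
    else:
        return None
    body = line[pos + len(prefix):]
    src = re.search(r"\bSRC=(\S+)", body)
    dpt = re.search(r"\bDPT=(\d+)", body)
    # The LOG target prints the set flags as bare words between RES= and URGP=.
    flg = re.search(r"\bRES=\S+\s+(.*?)\s*URGP=", body)
    if "PROTO=TCP" not in body or not (src and dpt and flg):
        return None
    flags = set(flg.group(1).split()) & FLAG_NAMES
    return prefix.strip(), src.group(1), int(dpt.group(1)), classify(flags)

def summarize(text):
    """Count dropped probes per (source address, scan type)."""
    return Counter((r[1], r[3]) for r in map(parse_line, text.splitlines()) if r)

# Constructed sample lines (documentation addresses), not from the original post.
_H = "Mar  5 11:30:01 fw kernel: "
_T = "IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 PROTO=TCP SPT=40000 "
SAMPLE_LOG = "\n".join([
    _H + "INPUT INVALID " + _T + "DPT=21 WINDOW=1024 RES=0x00 FIN URGP=0",
    _H + "INPUT INVALID " + _T + "DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0",
    _H + "INPUT INVALID " + _T + "DPT=21 WINDOW=1024 RES=0x00 URGP=0",
    _H + "TCP INPUT without SYN " + _T + "DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0",
    _H + "INPUT bad IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=53 DPT=53",
])

if __name__ == "__main__":
    for (src, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {kind:15} {n}")
```
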