Vulnerability Development mailing list archives
[Fwd: BUG: [Kernel 2.4.18 - IP Tables 1.2.4] ?]
From: Justin Piszcz <war () starband net>
Date: Thu, 28 Feb 2002 08:07:27 -0500
Real reason:
Matthew Keller wrote:

It's not a problem if you listen to the reason why it happens. It is very uncommon in the TCP world for a packet to just "disappear" with no reply at all. When you "portscan" a machine, if it has port 72 closed it will return an icmp packet telling you that the port is unreachable. nmap is "smart" enough to assume that the lack of any response means that the port is being blocked altogether.

Ipfilter was very dumb, comparatively to Iptables. Ipfilter's "drop" was essentially the equivalent to a "reject" in Iptables as it didn't stop the IP stack from returning the icmp port unreachable message. Do a packet capture while portscanning and you'll see the difference.

On Thu, 2002-02-28 at 07:53, Justin Piszcz wrote:

> He still didn't answer my question. DROP = IPtables shows filtered ports. DROP = Ipfilter shows nothing. I've discussed this with about 10 people in #linux/EFNET. They believe it is an IPTables problem.
>
> Matthew Keller wrote:
>
> > As you insisted on posting your original note to Bugtraq, it would be decent of you to print a retraction.
> >
> > On Thu, 2002-02-28 at 07:44, Negrea Mihai wrote:
> >
> > > On Thursday 28 February 2002 02:34 pm, you wrote:
> > >
> > > > Yes I understand that. I am using DROP. Why does it show filtered? As a drop policy on ipchains/ipfwadm, from what I've been told, is it drops the packet, does not reply back, and therefore should NOT show a filtered port.
> > >
> > > nmap guesses that the packet has been filtered if it does not receive any answer from the scanned host & port. That's why nmap shows filtered...
> > >
> > > and about the xmas and null scans just do a search on google with "xmas null iptables"

-- 
Matthew Keller
Enterprise System Analyst
Computing & Technology Services
Information Services Division
State University of NY at Potsdam
Potsdam, NY USA
http://mattwork.potsdam.edu/
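As an added illustration (not part of the thread, and not anyone's posted code), here is a small model of the chain the reply above describes: firewall policy decides what the stack puts on the wire, and the scanner turns that reply into a port-state label. The policy names and the `scan_port` helper are a constructed simplification; the verdict rules follow nmap's documented port-state semantics, including that for a TCP scan an ICMP unreachable error is reported as filtered, so only a real RST (no firewall, or REJECT with `--reject-with tcp-reset`) reads as closed.

```python
# Added example: model of firewall policy -> wire reply -> scanner verdict.
# Policies are a constructed simplification of iptables targets:
#   None              no filtering, the stack answers for itself
#   "DROP"            packet silently discarded, nothing goes back
#   "REJECT"          iptables default: ICMP port-unreachable (type 3, code 3)
#   "REJECT-TCP-RESET"  --reject-with tcp-reset, valid for TCP rules only
def host_reply(proto, port_open, policy):
    """Return the reply the target sends for one probe, or None for silence."""
    if policy == "DROP":
        return None
    if policy == "REJECT":
        return "icmp-port-unreach"
    if policy == "REJECT-TCP-RESET":
        if proto != "tcp":
            raise ValueError("tcp-reset can only be used with TCP rules")
        return "rst"
    # No firewall: the IP stack itself answers.
    if proto == "tcp":
        return "syn-ack" if port_open else "rst"
    # UDP: a closed port draws ICMP port-unreachable; an open one is often silent.
    return None if port_open else "icmp-port-unreach"

def scanner_verdict(proto, replies):
    """Classify a port from the replies to all (re)transmitted probes."""
    seen = {r for r in replies if r is not None}
    if proto == "tcp":
        if "syn-ack" in seen:
            return "open"
        if "rst" in seen:
            return "closed"
        # Silence after retries and ICMP errors both look like filtering.
        return "filtered"
    # UDP: only ICMP port-unreachable proves the port is closed; silence is
    # ambiguous because an open service may simply not answer an empty probe.
    if "icmp-port-unreach" in seen:
        return "closed"
    return "open|filtered"

def scan_port(proto, port_open, policy, retries=2):
    """Probe once plus `retries` retransmissions, then classify."""
    replies = [host_reply(proto, port_open, policy) for _ in range(1 + retries)]
    return scanner_verdict(proto, replies)

if __name__ == "__main__":
    for policy in (None, "DROP", "REJECT", "REJECT-TCP-RESET"):
        print(f"tcp closed port, policy={policy!s:17} -> {scan_port('tcp', False, policy)}")
```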
Current thread:
- [Fwd: BUG: [Kernel 2.4.18 - IP Tables 1.2.4] ?] Justin Piszcz (Mar 04)