Nmap Development mailing list archives

Re: Strange errors with nmap 4.68


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 11 Dec 2008 20:10:38 +0000


On Thu, 11 Dec 2008 12:37:22 -0700
Nathan <nathan.stocks () gmail com> wrote:

Yes!  iptables is running.  But it's pretty bare.  I'm dropping all
inbound packets destined for ports 1-10,240, with an extra rule to
allow me to SSH in from my office.  But if I'm reading the error
right, it's complaining about a packet from port 57622 on the server
to 36343 on the target, neither of which are in the 1-10240 range
(???)  Here's the output if I run "iptables-save":

# Generated by iptables-save v1.4.0 on Thu Dec 11 12:31:44 2008
*filter
:INPUT ACCEPT [1670029810:498255753315]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4416085503:424141701772]
-A INPUT -s [my-office-ip-address] -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1:10240 -j DROP
COMMIT
# Completed on Thu Dec 11 12:31:44 2008

~ Nathan


On a completely unrelated side-note, running iptables with connection
tracking (the default) is a recipe for failure with Nmap.  Depending on
your kernel version, you'll want to look at either
"/proc/net/ip_conntrack" or use the conntrack-tools userspace utilities.

Once you've filled up your connection tracking table you'll be dropping
packets like crazy.

For one-off Nmap scans you should be fine; for lots of scanning, though,
connection tracking *must* be off.

Brandon
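
A small shell check for the conntrack-table problem Brandon describes, added here as an example and not part of the original thread: it reads a table dump in the legacy /proc/net/ip_conntrack layout, counts the entries, flags the half-open ([UNREPLIED]) ones and the source address holding most of the table, and warns as usage nears the kernel limit. The sample table, the function names and the CONNTRACK_FILE variable are constructed for this example, and the 80% warning threshold is an arbitrary assumption.

```shell
#!/bin/sh
# Added example, not from the thread: summarise a conntrack table dump in the
# legacy /proc/net/ip_conntrack layout. Point CONNTRACK_FILE at the real file
# to use it on a host; otherwise the constructed sample below is used.
CONNTRACK_SAMPLE='tcp      6 431999 ESTABLISHED src=10.1.1.5 dst=10.2.2.9 sport=57622 dport=22 src=10.2.2.9 dst=10.1.1.5 sport=22 dport=57622 [ASSURED] mark=0 use=1
tcp      6 119 SYN_SENT src=10.1.1.5 dst=10.2.2.9 sport=36343 dport=80 [UNREPLIED] src=10.2.2.9 dst=10.1.1.5 sport=80 dport=36343 mark=0 use=1
tcp      6 118 SYN_SENT src=10.1.1.5 dst=10.2.2.9 sport=36344 dport=443 [UNREPLIED] src=10.2.2.9 dst=10.1.1.5 sport=443 dport=36344 mark=0 use=1
tcp      6 117 SYN_SENT src=10.1.1.5 dst=10.2.2.9 sport=36345 dport=8080 [UNREPLIED] src=10.2.2.9 dst=10.1.1.5 sport=8080 dport=36345 mark=0 use=1
udp      17 29 src=10.3.3.3 dst=10.2.2.9 sport=5353 dport=53 src=10.2.2.9 dst=10.3.3.3 sport=53 dport=5353 mark=0 use=1'

# Emit the table, one tracked flow per line.
conntrack_lines() {
    if [ -n "${CONNTRACK_FILE:-}" ] && [ -r "$CONNTRACK_FILE" ]; then
        cat "$CONNTRACK_FILE"
    else
        printf '%s\n' "$CONNTRACK_SAMPLE"
    fi
}

# Number of tracked flows.
conntrack_total() { conntrack_lines | grep -c .; }

# Half-open flows the peer never answered; a SYN scan leaves many of these,
# and each one keeps its slot until its timeout expires.
conntrack_unreplied() { conntrack_lines | grep -c '\[UNREPLIED\]'; }

# Source address holding the most entries, printed as "count address".
conntrack_top_source() {
    conntrack_lines |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { print substr($i, 5); break } }' |
        sort | uniq -c | sort -rn | head -n 1 | awk '{ print $1, $2 }'
}

# Percentage of the table in use; $1 is the kernel's maximum entry count
# (ip_conntrack_max / nf_conntrack_max), passed in by the caller.
conntrack_usage_pct() { echo $(( $(conntrack_total) * 100 / $1 )); }

# One-line report plus a warning once the table is close to full (80% is an assumed threshold).
conntrack_report() {
    pct=$(conntrack_usage_pct "$1")
    printf 'entries=%s unreplied=%s usage=%s%% top_src=%s\n' \
        "$(conntrack_total)" "$(conntrack_unreplied)" "$pct" "$(conntrack_top_source)"
    [ "$pct" -ge 80 ] && echo "WARNING: conntrack table nearly full; new flows will be dropped"
    return 0
}

conntrack_report "${1:-10}"
```

The awk looks for the first src= field rather than a fixed column, so the same functions also work on the newer /proc/net/nf_conntrack layout, which prefixes each line with the address family.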


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
