|
Vulnerability Development
mailing list archives
Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 14 Nov 2001 11:07:59 -0800
Would not the OS itself crash without the FW kernel module loaded whena UDP
scan was initiated? When the machine is running without the FW active, it
stays up fine.
Sounds like you answered your own question. :) All the evidence suggests
that the fault is in the firewall code. If a KLM dies, it's perfectly
capable of taking the kernel with it. At least when I've done it on
Solaris.. I assume Linux is the same.
I've tried the -T Paranoid switch; the system crashes with the VERY FIRST
UDP packet, regardless of which port it's sent to. I subsequently
re-enabled icmp, as a "before last" implied rule... And I see this:
Initiating UDP Scan against (64.80.176.11)
12:43:34.168842 nmap_source.58153 > fw_under_test.973: udp 0
12:43:34.274503 fw_under_test > nmap_source: icmp: 64.80.176.11 udp port 973
unreachable
And that's the last packet I get from the machine.
Meaning it crashes? Seems strange, you'd think Checkpoint would have
tried a UDP packet before they shipped...
Can anyone else confirm the results?
If I run nslookup on nmap_source, set my server to fw_under_test, and
attempt to resolve something (even though fw_under_test is not running a
nameserver), the fw_under_test does not crash. It merely replies with udp
port unreachable and stays up.
Must be something in particular with the conetns of the packet NMAP sends.
BB
 By Date 
By Thread
Current thread:
- Fw: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5, (continued)
| 
Intro
