Vulnerability Development: [Fwd: BUG: [Kernel 2.4.18 - IP Tables 1.2.4] ?]

[Justin Piszcz <war () starband net>]

Real reason:

> > Matthew Keller wrote:
> >
> > >         It's not a problem if you listen to the reason why it happens. It is
> > > very uncommon in the TCP world for a packet to just "disappear" with no
> > > reply at all. When you "portscan" a machine, if it has port 72 closed it
> > > will return an icmp packet telling you that the port is unreachable.
> > > nmap is "smart" enough to assume that the lack of any response means
> > > that the port is being blocked altogether.
> > >         Ipfilter was very dumb, comparatively to Iptables. Ipfilter's "drop"
> > > was essentially the equivalent to a "reject" in Iptables as it didn't
> > > stop the IP stack from returning the icmp port unreachable message. Do a
> > > packet capture while portscanning and you'll see the difference.
> > >
> > > On Thu, 2002-02-28 at 07:53, Justin Piszcz wrote:
> > > > He still didn't answer my question.
> > > > DROP = IPtabels shows filtered ports.
> > > > DROP = Ipfilter shows nothing.
> > > >
> > > > I've discussed this with about 10 people in #linux/EFNET.
> > > > They believe it is an IPTables problem.
> > > >
> > > > Matthew Keller wrote:
> > > >
> > > > >         As you insisted on posting your original note to Bugtraq, it would be
> > > > > decent of you to print a retraction.
> > > > >
> > > > > On Thu, 2002-02-28 at 07:44, Negrea Mihai wrote:
> > > > > > On Thursday 28 February 2002 02:34 pm, you wrote:
> > > > > > > Yes I understand that.
> > > > > > > I am using DROP.
> > > > > > > Why does it show filtered?
> > > > > > > As a drop policy on ipchains/ipfwadm, from what I've been told, is it drops
> > > > > > > the packet, does not reply back, and therefore should NOT show a filtered
> > > > > > > port.
> > > > > > nmap guesses that the pachet has been filtered if it does not receive any
> > > > > > answer from the scanned host & port
> > > > > > That's why nmap shows filtered...
> > > > > > and about the xmas and null scans just do a search on google with "xmas null
> > > > > > iptables"
> > > > > --
> > > > >
> > > > > Matthew Keller
> > > > > Enterprise System Analyst
> > > > > Computing & Technology Services
> > > > > Information Services Division
> > > > > State University of NY at Potsdam
> > > > > Potsdam, NY USA
> > > > >
> > > > > http://mattwork.potsdam.edu/
> > > --
> > >
> > > Matthew Keller
> > > Enterprise System Analyst
> > > Computing & Technology Services
> > > Information Services Division
> > > State University of NY at Potsdam
> > > Potsdam, NY USA
> > >
> > > http://mattwork.potsdam.edu/
> --
>
> Matthew Keller
> Enterprise System Analyst
> Computing & Technology Services
> Information Services Division
> State University of NY at Potsdam
> Potsdam, NY USA
>
> http://mattwork.potsdam.edu/