Re: IPChains leak for UDP!?
From: Sebastian Ip (9scki@qlink.queensu.ca)Date: 10/31/01
- Previous message: Jose Nazario: "Re: changing root account name"
- In reply to: Sanjeev B.S.: "IPChains leak for UDP!?"
- Next in thread: Alexander List: "Re: IPChains leak for UDP!?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200110311848.f9VImJA14489@gotak.dyn.dhs.org> From: Sebastian Ip <9scki@qlink.queensu.ca> To: "Sanjeev B.S." <sanjeev@mbu.iisc.ernet.in>, <focus-linux@securityfocus.com> Subject: Re: IPChains leak for UDP!? Date: Wed, 31 Oct 2001 13:47:46 -0500
As you are running 2.4.9 and RH 7.1 try using iptables instead of ipchains.
And if the problem lies with ipchains then it shouldn't appear with iptables.
Right?
Also what you are saying seems similar to what i saw before with ipchains and
a "stealth" scan with port sentry running. Basically because port sentry
listens on those ports sometimes a scanner will report that those ports are
open. It's actually been said somewhere on securityfocus.com (i think) that
things like portsentry isn't really all that useful. First off you do appear
to have more ports open then you do making you seems like a interesting
target. Second of all it's a possible cause of a DOS attack by blocking off
spoofed ips.
Snort is much better then port sentry.
Cheers
Sebastian Ip
- Previous message: Jose Nazario: "Re: changing root account name"
- In reply to: Sanjeev B.S.: "IPChains leak for UDP!?"
- Next in thread: Alexander List: "Re: IPChains leak for UDP!?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
