Re: IPChains leak for UDP!?

From: Sebastian Ip (9scki@qlink.queensu.ca)
Date: 10/31/01


Message-Id: <200110311848.f9VImJA14489@gotak.dyn.dhs.org>
From: Sebastian Ip <9scki@qlink.queensu.ca>
To: "Sanjeev B.S." <sanjeev@mbu.iisc.ernet.in>, <focus-linux@securityfocus.com>
Subject: Re: IPChains leak for UDP!?
Date: Wed, 31 Oct 2001 13:47:46 -0500

As you are running 2.4.9 and RH 7.1 try using iptables instead of ipchains.
And if the problem lies with ipchains then it shouldn't appear with iptables.
Right?

Also what you are saying seems similar to what i saw before with ipchains and
a "stealth" scan with port sentry running. Basically because port sentry
listens on those ports sometimes a scanner will report that those ports are
open. It's actually been said somewhere on securityfocus.com (i think) that
things like portsentry isn't really all that useful. First off you do appear
to have more ports open then you do making you seems like a interesting
target. Second of all it's a possible cause of a DOS attack by blocking off
spoofed ips.

Snort is much better then port sentry.

Cheers

Sebastian Ip



Relevant Pages

  • Re: Prevent access to linux server when mac adress does not match ip adress
    ... Iptables has much more features than ipchain. ... Prior to the 2.2.x kernel, the firewall was controlled by "ipfwadm". ... introduced the IPCHAINS tool to control that. ... Often the upgrade is too big and bulky for the older ...
    (comp.os.linux.networking)
  • Re: IPChains with RH 9? "Protocol not available"
    ... Yes, iptables is way more versatile than ipchains, and ipchains ... is no longer supported in the redhat kernel by default. ... is RH 9 stock kernel still support ipchains? ...
    (RedHat)
  • Re: A Question On Ipchains Input Rules
    ... If RH72 allows using iptables instead of ipchains, ... return packets for any established connections, ... outbound SMTP sessions, you just allow outbound SMTP, and the ...
    (comp.os.linux.security)
  • Re: IPChains not working
    ... >>and changing a script from ipchains to iptables can take a while ... The only people for me are the mad ones -- the ones who are mad to live, ... the ones who never yawn or say a commonplace thing, but burn, burn, burn ...
    (comp.os.linux.security)
  • Re: IPChains with RH 9? "Protocol not available"
    ... Iptables is now the default, but it looks like ipchains is still included. ... Red Hat firewall config tools to help out any more. ... Clemson University Math Sciences ...
    (RedHat)