Re: IPChains leak for UDP!?

From: Sebastian Ip (9scki@qlink.queensu.ca)
Date: 10/31/01


Message-Id: <200110311848.f9VImJA14489@gotak.dyn.dhs.org>
From: Sebastian Ip <9scki@qlink.queensu.ca>
To: "Sanjeev B.S." <sanjeev@mbu.iisc.ernet.in>, <focus-linux@securityfocus.com>
Subject: Re: IPChains leak for UDP!?
Date: Wed, 31 Oct 2001 13:47:46 -0500

As you are running 2.4.9 and RH 7.1, try using iptables instead of ipchains.
And if the problem lies with ipchains then it shouldn't appear with iptables.
Right?

Also, what you are saying seems similar to what I saw before with ipchains and
a "stealth" scan with port sentry running. Basically, because port sentry
listens on those ports, sometimes a scanner will report that those ports are
open. It's actually been said somewhere on securityfocus.com (I think) that
things like portsentry aren't really all that useful. First off, you do appear
to have more ports open than you do, making you seem like an interesting
target. Second of all, it's a possible cause of a DoS attack by blocking off
spoofed IPs.

Snort is much better than port sentry.

Cheers

Sebastian Ip