I am running a firewall using ipchains 1.3.8 on a Slackware 4.0.0 Kernel
2.2.13. Although the kernel is compiled with SMB Filesystem enabled, I have
disabled smbd and nmbd, and have made sure those modules are not loaded in
the kernel.
However I'm seeing some strange behaviour when I test UDP scans against my
machine using nmap. Even though I am explicitly blocking UDP ports 137-139,
somehow the packets still get to the stack and are reported back to nmap as
being open. I have checked with "ipchains -C" and the packet is demonstrated
to be rejected, but real packets get through anyway. Checking the logs of a
UDP strobe from 130-140, I see 130-136 and 140 being logged as rejected, but
nothing for 137-139. It's as if the stack sees it and responds before
ipchains even has a chance to process it. Strange!
A sample of one of the ipchains rules I tried for the UDP strobe:

    ipchains -A input -p udp -s 0/0 -d 0/0 130:140 -l -j REJECT

Has anyone seen this behaviour before?
--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]