Have you tried recompiling the kernel and removing all the modules and
tidbits you do not really need, compacting it down to a nice little thing,
as kernels go, and then tested? Do your tests show the packets on the
wire and/or hitting a boxen behind the test firewall?
But, if you have not, do recompile and strip that puppy down...
Thanks,
Ron DuFresne
On Wed, 17 Nov 1999, Gene Lee wrote:
> I am running a firewall using ipchains 1.3.8 on a Slackware 4.0.0 Kernel
> 2.2.13. Although the kernel is compiled with SMB Filesystem enabled, I have
> disabled smbd and nmbd, and have made sure those modules are not loaded in
> the kernel.
>
> However I'm seeing some strange behaviour when I test UDP scans against my
> machine using nmap. Even though I am explicitly blocking UDP ports 137-139,
> somehow the packets still get to the stack and are reported back to nmap as
> being open. I have checked with "ipchains -C" and the packet is demonstrated
> to be rejected, but real packets get through anyway. Checking the logs of a
> UDP strobe from 130-140, I see 130-136 and 140 being logged as rejected, but
> nothing for 137-139. It's as if the stack sees it and responds before
> ipchains even has a chance to process it. Strange!
>
> A sample of one of the ipchains rules I tried for the UDP strobe:
>
> ipchains -A input -p udp -s 0/0 -d 0/0 130:140 -l -j REJECT
>
> Has anyone seen this behaviour before?
>
> --
> Gene Lee
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.