Re: patch: ip6tables

2002-02-21 Thread Andras Kis-Szabo
} } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, , , { 0 }, { 0 }, 0, 0, 0 }, +{ { { { 0 }, { 0 }, { 0 }, { 0 }, , , { 0 }, { 0 }, 0, 0, 0 }, Please, someone on the kernel side check these differences! Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit

[PATCH] howtos (resend)

2002-03-02 Thread Andras Kis-Szabo
Hi, - Hungarian FAQ update (sync) - SGML fix to FAQ regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-Member of the BUTE-MIS-SEARCHlab-- --- netfilter/FAQ

[PATCH] ah/esp ipv4 fixes

2002-03-20 Thread Andras Kis-Szabo
: how can I specify a signed and encrypted packet? (Ex. SPIs AH=101 ESP=120. The packet is: IPv4-AH-ESP) Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED

[PATCH] AH/ESP IPv6 matches

2002-03-21 Thread Andras Kis-Szabo
, please test them, if You've got a lot of free time! :) 2. Extensions-HOWTO update for these matches (And added a status filed to the ipv6 extensions) 3. The CVS still borken, somehow the library did not renamed with the match ( agr - eui64) Regards, kisza -- Andras Kis-Szabo

RE: NewNat Patch help - broken CVS

2002-03-23 Thread Andras Kis-Szabo
-- Andras Kis-Szabo Security Development, Design and Audit -/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-- signature.asc Description: This is a digitally signed message part

[PATCH] tools/tcpreplay6

2002-03-24 Thread Andras Kis-Szabo
. (I've got some tcpdump files which can be resend with this tool) regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-- diff -urN

Re: [PATCH] tools/tcpreplay6

2002-03-24 Thread Andras Kis-Szabo
header. (I've got some tcpdump files which can be resend with this tool) Cool, patch applied to CVS. Some example packet can be found at: http://www.securityaudit.hu/Netfilter/addons/TestPackets/ (used them for ipv6header, ah and esp matches) regards, kisza -- Andras Kis

[PATCH] IPv6 fragmentation hdr match

2002-03-25 Thread Andras Kis-Szabo
[--fragmore|--fraglast] there are more fragments or this is the last one Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED

[PATCH] LOG target @ tunnel interfaces (SIT only)

2002-04-02 Thread Andras Kis-Szabo
and IPIP tunnels can be concerned, too! (The SIT implementation cloned from them. I haven't got configured gre and/or ipip tunnel :( ) Regards, kisza Harald: added 2 checks for the pointers inside the skb area. (mac under- and ip overflow checks) -- Andras Kis-Szabo Security

Re: ICMP time exceeded DNAT info leak ? (fwd)

2002-04-03 Thread Andras Kis-Szabo
): iptables -t nat -A PREROUTING -p tcp --dport 666 -m ttl --ttl-gt 4 -j DNAT --to 172.16.3.26:22 iptables -t nat -A PREROUTING -m ttl --ttl-lt 5 -j LOG --log-prefix Evil hax0r (So it is not hardcoded as in IPFilter ... ) Regards, kisza -- Andras Kis-Szabo Security Development

Re: [Fwd: Re: IPv6 MAC logging buggy bei Tunnel-Interfaces?]

2002-04-10 Thread Andras Kis-Szabo
:4d:5d:aa:00:04:00:01:04:08:00 SITSRC=xxx.xxx.xx.xxx SITDST=yyy.yy.yyy.yyy SRC=2001:0200::4819:0210:f3ff:fe03:04d0 DST=3ffe:0b80:0002::::: LEN=104 TC=0 HOPLIMIT=54 FLOWLBL=0 PROTO=ICMPv6 TYPE=129 CODE=0 ID=49685 SEQ=512 Regards, kisza -- Andras Kis-Szabo

Re: (FORWARD): iptables-restore bug

2002-04-10 Thread Andras Kis-Szabo
, and there isn't at the '-L' to avoid the spaces. Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-- diff -urN netfilter-old/userspace

[Q]: hotdrop

2002-04-16 Thread Andras Kis-Szabo
' is OK, but can I set the hotdrop or not? (w/o hotdrop=1, I simply discards the packet, with it, I deny the whole sending mechanism, the userspace gets back an 'operation not permitted' msg.) Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit

[PATCH] IPv6 routing hdr match + some fixes

2002-04-21 Thread Andras Kis-Szabo
/addons/TestPackets (1 truncated AH packet and 4 routing packets) Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-- diff -urN

[PATCH] sync 2 recent iptables.c changes

2002-05-05 Thread Andras Kis-Szabo
hi, - remove check of find_proto(), since do_command() can be called multiple times, and match will be loaded after first call. - remove the '-C' option (from help msgs) kisza -- Andras Kis-Szabo Security Development, Design and Audit -/Zorp

Re: mac source

2002-05-26 Thread Andras Kis-Szabo
-- Andras Kis-Szabo Security Development, Design and Audit -/Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-Member of the BUTE-MIS-SEARCHlab--

Re: [RFC] Re: another netfilter ICMP bug

2002-05-30 Thread Andras Kis-Szabo
. (In IPv6-ICMP the length-limit is ~1298 bytes, ...) kisza -- Andras Kis-Szabo Security Development, Design and Audit -/Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /-Member of the BUTE-MIS-SEARCHlab--

Re: about REJECT target

2002-06-03 Thread Andras Kis-Szabo
it as soon as I find some free time. (My final exams - for MSc - are more important in these days and Jozsef is engaged in it, too.) Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -/Zorp, NetFilter and IPv6 [EMAIL