bugzilla-daemon@netfilter.org
2003-Apr-16 22:23 UTC
[Bug 78] New: -m psd -j TARPIT returns all ports open from nmap
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78

Summary: -m psd -j TARPIT returns all ports open from nmap
Product: iptables userspace
Version: unspecified
Platform: i386
OS/Version: RedHat Linux
Status: NEW
Severity: normal
Priority: P2
Component: unknown
AssignedTo: laforge@netfilter.org
ReportedBy: mike.ely@phoenix.k12.or.us
CC: netfilter-buglog@lists.netfilter.org

Just got the extras from patch-o-matic and compiled 1.2.8 and everything in. My personal desire was to send portscans to the tarpit as mentioned in the subject. When I use the psd match to DROP, it works fine. When I pick a particular port and tarpit it, that works great, too. But when I combine the two, and do an nmap run against the machine, it returns all but twelve ports as open!

Naturally, it's not likely that this machine is really that open in this state, as many of the ports that are showing up as open are things like MSRDP, but it is disconcerting. And the tarpit doesn't seem to work at that point - the connections are dropped handily.

Spec on the machine:
Generic P II system
RedHat 7.2
Custom kernel version 2.4.18-27.7.x based upon rpm install of kernel-source from redhat.
Iptables 1.2.8

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
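As an added example, not code from the bug report or from the netfilter project: a POSIX shell script that writes out the three rule variants the reporter describes (psd match to DROP, a single port to TARPIT, and psd match to TARPIT) as functions, plus the combination that produced the nmap result. By default IPT is set to "echo iptables", so the script only prints the commands for review; setting IPT=iptables and running it as root on a kernel carrying the patch-o-matic psd match and TARPIT target applies them. The psd thresholds and the example port 3389 are assumptions, not values from the report. For reading the scan result: TARPIT completes the TCP handshake with a SYN/ACK and then holds the connection in a zero-window state instead of refusing it, so a SYN scan lists a tarpitted port as open; once a psd rule has fired for a source, every later TCP packet from that source hits the TARPIT rule, which is consistent with a scanner seeing nearly every port as open.

```shell
#!/bin/sh
# Added example, not part of the bug report or of iptables itself.
# The rule variants from the report, as functions.  IPT defaults to a
# dry run that prints the commands; run with IPT=iptables as root on a
# kernel with the patch-o-matic psd match and TARPIT target loaded.
IPT="${IPT:-echo iptables}"

# psd thresholds: assumed values for illustration, the report gives none.
# weight-threshold: score at which a source is treated as a scanner;
# delay-threshold: time window over which the score accumulates;
# lo/hi-ports-weight: score added per packet to a port below/above 1024.
PSD_OPTS="--psd-weight-threshold 21 --psd-delay-threshold 300 --psd-lo-ports-weight 3 --psd-hi-ports-weight 1"

# Variant 1: drop traffic from a detected scanner (works for the reporter).
psd_drop_rules() {
    $IPT -A INPUT -p tcp -m psd $PSD_OPTS -j DROP
}

# Variant 2: tarpit a single port (also works for the reporter).
# TARPIT answers the SYN with SYN/ACK and then holds the connection with
# a zero window, so a SYN scan lists this port as open by design.
tarpit_port_rule() {
    port="$1"
    $IPT -A INPUT -p tcp --dport "$port" -j TARPIT
}

# Variant 3: tarpit everything from a detected scanner.  Once psd fires,
# every further TCP packet from that source is answered with SYN/ACK,
# so the scanner sees nearly every port as open.
psd_tarpit_rules() {
    $IPT -A INPUT -p tcp -m psd $PSD_OPTS -j TARPIT
}

# The combination the reporter tested: one tarpitted port plus psd -> TARPIT.
# The port defaults to 3389 (MSRDP), an assumed example value.
combined_rules() {
    tarpit_port_rule "${1:-3389}"
    psd_tarpit_rules
}

# Undo: flush the INPUT chain.  Kept as a function so a dry run shows it too.
flush_rules() {
    $IPT -F INPUT
}

combined_rules "$@"
```

Run the script with no arguments to see the combined ruleset printed; `IPT=iptables sh script.sh 22` would apply it with port 22 as the single tarpitted port. Rules are appended to INPUT, so anything that should be reachable by legitimate clients must be accepted by an earlier rule.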