bugzilla-daemon@netfilter.org
2003-Apr-17 13:47 UTC
[Bug 78] -m psd -j TARPIT returns all ports open from nmap
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78

------- Additional Comments From tools@die.net 2003-04-17 15:47 -------

Showing any ports open that are sent to it is the normal function of the TARPIT target. The psd match will start routing all ports to it after it decides that an IP is portscanning, so this is the expected behavior.

That being said, the psd match won't route any TCP ACK packets to the specified target. It seems to be trying to do this to keep from affecting outgoing connections, but its methodology is incompatible with the TARPIT target. The TARPIT target needs ACK packets to sustain the connection. Without them, the client will drop the connection quickly.

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

bugzilla-daemon@netfilter.org
2003-Apr-17 14:11 UTC
[Bug 78] -m psd -j TARPIT returns all ports open from nmap
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78

laforge@netfilter.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tools@die.net
             Status|NEW                         |RESOLVED
            Product|iptables userspace          |netfilter/iptables
         Resolution|                            |WONTFIX

------- Additional Comments From laforge@netfilter.org 2003-04-17 16:11 -------

Since there is this incompatibility between 'psd' and 'TARPIT', we should probably document it (manpage/extensions-HOWTO/...).

I'm going to close this bug report with WONTFIX.