Nmap shows all ports open when -m psd -j TARPIT

This is with kernel version 2.4.18-27.7.x (redhat updated rpm sources with patches compiled in) and iptables 1.2.8. I got the patches from patch-o-matic, and everything compiled smoothly.

When I do
iptables -I INPUT -m psd -j DROP
it works - the psd module handily shuts down portscan connections. Also, when I do
iptables -I INPUT -p tcp --dport 25 -j TARPIT
any incoming connection to port 25 gets totally gooey - much fun for me.


However, when I do
iptables -I INPUT -p tcp -m psd -j TARPIT
and then run
nmap -vv -P0 iptables.box
against the machine, it reports all but about twelve ports as open! I know that the machine isn't running all those services, but this most certainly isn't the response I want.


Is this a logic error on my part, or a bug in the code, or what?

Specs:
Generic P II box
RedHat 7.2 with everything up2date and custom patched kernel listed above
nmap version 3.0


Thanks in advance,
Mike

PS: Posted the above to netfilter bugzilla, but it seems pretty quiet there.
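A small pre-deploy check for the rule shape in the post, added here as an example (not code from the post or from netfilter). TARPIT completes the TCP handshake before holding the connection, so a psd match that jumps to TARPIT without a --dport limit answers SYN/ACK on every port it covers, which is exactly what a scanner reports as "open". The rule text below is constructed in iptables-save style and is not the poster's real ruleset.

```shell
#!/bin/sh
# Constructed sample rules (iptables-save style); the third line is the
# shape from the post: a psd match sent to TARPIT with no port restriction.
SAMPLE_RULES='-A INPUT -m psd -j DROP
-A INPUT -p tcp --dport 25 -j TARPIT
-A INPUT -p tcp -m psd -j TARPIT
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Print every rule that sends psd (port-scan) matches to TARPIT without a
# --dport restriction. Such a rule makes every covered port look open to a
# SYN scan, because TARPIT replies SYN/ACK before holding the connection.
find_psd_tarpit_rules() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        case "$rule" in
            *"-m psd"*"-j TARPIT"*)
                case "$rule" in
                    *"--dport"*) ;;   # port-limited: only those ports look open
                    *) printf '%s\n' "$rule" ;;
                esac
                ;;
        esac
    done
}

# Number of flagged rules; non-zero means the ruleset has the problem above.
count_psd_tarpit_rules() {
    find_psd_tarpit_rules "$1" | wc -l | tr -d ' '
}

# Stand-alone run: list the offending rules from the constructed sample.
find_psd_tarpit_rules "$SAMPLE_RULES"
```

To check a live box, feed the output of `iptables-save` to `count_psd_tarpit_rules` instead of the constructed sample.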
