Nmap Development mailing list archives
Re: Strange errors with nmap 4.68
From: Nathan <nathan.stocks () gmail com>
Date: Thu, 11 Dec 2008 14:44:09 -0700
On Thu, Dec 11, 2008 at 1:10 PM, Brandon Enright <bmenrigh () ucsd edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 11 Dec 2008 12:37:22 -0700 Nathan <nathan.stocks () gmail com> wrote:
>
> > Yes! iptables is running. But it's pretty bare. I'm dropping all inbound packets destined for ports 1-10,240, with an extra rule to allow me to SSH in from my office. But if I'm reading the error right, it's complaining about a packet from port 57622 on the server to 36343 on the target, neither of which are in the 1-10240 range (???)
> >
> > Here's the output if I run "iptables-save"
> >
> > # Generated by iptables-save v1.4.0 on Thu Dec 11 12:31:44 2008
> > *filter
> > :INPUT ACCEPT [1670029810:498255753315]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [4416085503:424141701772]
> > -A INPUT -s [my-office-ip-address] -p tcp -m tcp --dport 22 -j ACCEPT
> > -A INPUT -i lo -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 1:10240 -j DROP
> > COMMIT
> > # Completed on Thu Dec 11 12:31:44 2008
> >
> > ~ Nathan
>
> On a completely unrelated side-note, running iptables with connection tracking (the default) is a recipe for failure with Nmap. Depending on your kernel version, you'll want to look at either "/proc/net/ip_conntrack" or use the conntrack-tools userspace utilities. Once you've filled up your connection tracking table you'll be dropping packets like crazy. For one-off Nmap scans you should be fine, for lots of scanning though connection tracking *must* be off.
>
> Brandon

That sounds like exactly what's happening! A quick "cat /proc/net/ip_conntrack" spits out tons of connection tracking info.

Do I have to turn that off in my kernel config (i.e. reconfigure/recompile my kernel) or is there a way to simply toggle it on/off? I'm currently on kernel 2.6.23.

~ Nathan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
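
Added example, not part of the original message or of Nmap: a shell script that summarizes a table in the format "cat /proc/net/ip_conntrack" prints and reports how full it is, so a pile-up of unanswered SYN_SENT entries is visible before the table overflows. The sample entries are constructed and the function names are hypothetical; the live counters are read from the kernel's conntrack sysctl files when they are present.

```shell
#!/bin/sh
# Constructed sample in /proc/net/ip_conntrack format (documentation addresses).
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=22 src=192.0.2.10 dst=198.51.100.7 sport=22 dport=40112 [ASSURED] use=1
tcp      6 118 SYN_SENT src=192.0.2.10 dst=203.0.113.5 sport=57622 dport=36343 [UNREPLIED] src=203.0.113.5 dst=192.0.2.10 sport=36343 dport=57622 use=1
tcp      6 117 SYN_SENT src=192.0.2.10 dst=203.0.113.5 sport=57622 dport=443 [UNREPLIED] src=203.0.113.5 dst=192.0.2.10 sport=443 dport=57622 use=1
tcp      6 116 SYN_SENT src=192.0.2.10 dst=203.0.113.6 sport=57622 dport=80 [UNREPLIED] src=203.0.113.6 dst=192.0.2.10 sport=80 dport=57622 use=1
udp      17 25 src=192.0.2.10 dst=203.0.113.53 sport=33000 dport=53 src=203.0.113.53 dst=192.0.2.10 sport=53 dport=33000 use=1
EOF
}

# Count entries per protocol and TCP state; reads a conntrack table on stdin.
# Only TCP rows carry a state column, other protocols are reported as "-".
conntrack_states() {
    awk '{ s = ($1 == "tcp") ? $4 : "-"; n[$1 " " s]++ }
         END { for (k in n) print k, n[k] }' | sort
}

# Count entries that never saw a reply (what unanswered outbound probes leave).
unreplied_count() {
    awk '/\[UNREPLIED\]/ { c++ } END { print c + 0 }'
}

# Integer percentage of the table in use: fill_pct COUNT MAX
fill_pct() {
    [ "$2" -gt 0 ] || { echo 0; return; }
    echo $(( $1 * 100 / $2 ))
}

# Print "count max" from the live kernel, trying the newer nf_conntrack
# sysctl files first and the older ip_conntrack ones second.
live_counters() {
    for d in /proc/sys/net/netfilter/nf_conntrack /proc/sys/net/ipv4/netfilter/ip_conntrack; do
        if [ -r "${d}_count" ] && [ -r "${d}_max" ]; then
            echo "$(cat "${d}_count") $(cat "${d}_max")"; return 0
        fi
    done
    return 1
}

sample_conntrack | conntrack_states
echo "unreplied: $(sample_conntrack | unreplied_count)"
if c=$(live_counters); then
    set -- $c; echo "live table: $1 of $2 entries ($(fill_pct "$1" "$2")%)"
fi
```

To inspect a real host, pipe the live table into the same functions, for example `conntrack_states < /proc/net/ip_conntrack`.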