a really good firewall admin colleague told me this about ipchains/nmap:
nmap has some flags that do partial packet scans w/o doing syn connections-
ipchains may not detect these
if ipchains is set up well (in/out/forward/masq/etc) there will be a
necessity to connect/request a service/port, that's where ipchains can
'kill the packet' and log it. the exploit may break through one chain but
has to contend w/ more chains as well (sort of like a maze w/ boobytraps)
nmap has a flag that is supposed to disguise a source port. there are other
tools that when putting the ethernet driver into promiscuous mode will negate
this 'faked port' and go straight to the source of the exploiter
>
> Date: Wed, 2 Feb 2000 16:04:08 -0600
> From: "Pat Hayden" <[EMAIL PROTECTED]>
> Subject: better logging for IPCHAINS
>
> I have set up some strong rules for IPCHAINS, and have the default REJECT
> policy set up with logging, however I receive few entries in my logs when I
> intentionally send "bad packets" to the server.
>
> Is there something more that I can do to receive more verbose logging?
> Also, do all NMAP scans slip under the radar of IPCHAINS?
>
> Thanks in advance!
>
> Pat Hayden
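An added example, not part of the thread, of the post-processing that becomes possible once the REJECT/DENY rules carry the -l flag: a Python parser for the ipchains "Packet log:" syslog lines that reports sources hitting several ports with TCP packets that carry no SYN, i.e. the partial-packet probes the reply mentions, which a stateless chain can only see once a rule drops and logs them. The log lines are constructed, and the 2.2-kernel field layout (PROTO=, L=, S=, I=, F=, T=, a trailing SYN marker and the rule number) is assumed from the ipchains documentation.

```python
import re
from collections import defaultdict

# Constructed sample of the "Packet log:" lines the 2.2 kernel writes to syslog
# for an ipchains rule carrying the -l flag (addresses are documentation ranges).
SAMPLE_LOG = """\
Feb  2 16:10:01 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40123 198.51.100.5:22 L=40 S=0x00 I=1 F=0x0000 T=48 SYN (#4)
Feb  2 16:10:01 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40124 198.51.100.5:80 L=40 S=0x00 I=2 F=0x0000 T=48 (#9)
Feb  2 16:10:01 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40125 198.51.100.5:443 L=40 S=0x00 I=3 F=0x0000 T=48 (#9)
Feb  2 16:10:02 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40126 198.51.100.5:25 L=40 S=0x00 I=4 F=0x0000 T=48 (#9)
Feb  2 16:10:05 gw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.7:53 198.51.100.5:1025 L=34 S=0x00 I=18 F=0x0000 T=254 (#5)
Feb  2 16:10:07 gw kernel: Packet log: input REJECT eth0 PROTO=6 203.0.113.9:5555 198.51.100.5:23 L=40 S=0x00 I=7 F=0x0000 T=64 SYN (#4)
"""

# Field layout assumed from the IPCHAINS-HOWTO: chain, target, interface, protocol,
# src:sport, dst:dport, length, TOS, IP id, fragment flags, TTL, optional SYN, rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9a-fA-F]+ I=\d+ F=0x[0-9a-fA-F]+ T=\d+(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)


def parse_line(line):
    """Parse one ipchains log line; return None for lines that are not packet logs."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for field in ("proto", "sport", "dport", "rule"):
        rec[field] = int(rec[field])
    rec["syn"] = rec["syn"] is not None  # the kernel appends "SYN" only for TCP SYN packets
    return rec


def find_non_syn_probes(log_text, min_ports=3):
    """Map each source to the sorted TCP ports it hit with logged non-SYN packets.

    ipchains keeps no connection state, so a dropped TCP packet without SYN is either
    a stray packet or a probe that skipped the handshake. Only sources touching at
    least min_ports distinct ports this way are reported; one stray packet is not.
    """
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == 6 and not rec["syn"]:
            ports_by_src[rec["src"]].add(rec["dport"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, ports in find_non_syn_probes(SAMPLE_LOG).items():
        print("%s: non-SYN TCP probes to ports %s" % (src, ports))
```

Feed it the kernel facility of syslog (e.g. /var/log/messages) to run it over a real host's log; the SYN-only hits from the sample are ignored because a plain SYN to a closed port is already caught by the normal rules.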