Yesterday, I was writing jolt.nasl and jolt2.nasl and discovered that my Linux desktop did not send any badly fragmented packet -- either too long (ping of death) or incomplete. My laptop was OK. The former is running a 2.4.20-gentoo-r5 kernel and the latter a "vanilla" kernel; maybe this is related to some kernel option, but I rather suspect one of the patches to be the cause.
So if you are running a non-standard Linux kernel on your scanning machine, I suggest that you verify that some mysterious patch does not force the reassembly of all packets, even when the machine is not an IP router. For example, log in as root, launch "tcpdump -n icmp host target" and "nasl -t target jolt.nasl".

This is not a big flaw, it will just break a couple of ACT_DENIAL or ACT_FLOOD scripts.

--
[EMAIL PROTECTED]
http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
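To make the tcpdump check above less dependent on reading the output by eye, the following added example (not part of the original post) reads the fragmentation fields of captured IPv4 headers and reports whether fragments actually left the scanning machine. The function names and the sample headers are hypothetical and constructed here; it assumes the link-layer header has already been stripped from each captured packet.

```python
import struct

def make_header(total_len, flags_frag, proto=1):
    """Constructed 20-byte IPv4 header (checksum 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def classify_ipv4(header):
    """Read the fragmentation fields of one raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20:
        raise ValueError("invalid header length")
    total_len, _ident, flags_frag = struct.unpack("!HHH", header[2:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    offset = (flags_frag & 0x1FFF) * 8           # offset is in 8-byte units
    return {
        "fragment": more_fragments or offset > 0,
        "more_fragments": more_fragments,
        "offset": offset,
        # Header plus data ending past 65535 bytes cannot be a legal datagram.
        "oversized": offset + total_len > 65535,
    }

def capture_verdict(headers):
    """Say whether the scanner's fragments actually reached the wire."""
    seen = [classify_ipv4(h) for h in headers]
    if not seen:
        return "nothing captured"
    if any(s["fragment"] for s in seen):
        return "fragments on the wire"
    return "only whole datagrams"

# Constructed samples, not real captures.
FRAGMENTED = [make_header(1500, 0x2000), make_header(120, 8189)]
WHOLE = [make_header(1500, 0)]

if __name__ == "__main__":
    for name, sample in (("fragmented", FRAGMENTED), ("whole", WHOLE), ("empty", [])):
        print(name, "->", capture_verdict(sample))
```

A verdict of "only whole datagrams" or "nothing captured" while the script is running matches the symptom described in the post: the local stack did not emit the fragments as written.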
