Re: a very strange problem !!??

Sun, 21 Apr 2002 04:32:22 -0700 

On Tue, Apr 16, 2002 at 11:18:38PM +0200, Martin Jinnestrand wrote:
> Hi 
> 
> I have a very strange problem. I have a machine that runs Linux red hat 7.2 whith 
>kernel 2.4.18 and iptabels 1.2.6a. My fw script is at the bottom of this mail.
> 
> If I run a port scan on my fw mostly of the portscaning programs rebort
> nothing, because everything is closed. BUT if I use Nmap it reports the
> folowing:

This isn't caused by your fw script, but by your ISP. Here are tests done
with hping :

 * port 139/tcp

root@vaio:~# hping -S -T -t 14 -p 139 --tr-no-rtt --tr-stop 213.67.194.236
HPING 213.67.194.236 (eth0 213.67.194.236): S set, 40 headers + 0 data bytes
hop=14 TTL 0 during transit from ip=213.248.66.22 name=fre-b1-pos10-0.telia.net
hop=15 TTL 0 during transit from ip=213.64.62.182 name=u-b-c1-pos4-0.se.telia.net
hop=16 TTL 0 during transit from ip=62.20.131.166 name=vs-a-d1-pos7-2.se.telia.net
ICMP Packet filtered from ip=62.20.131.166 name=vs-a-d1-pos7-2.se.telia.net

--- 213.67.194.236 hping statistic ---
5 packets tramitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

It's filtered by 62.20.131.166 at 17th hop

 * port 80/tcp

root@vaio:~# hping -S -T -t 14 -p 80 --tr-no-rtt --tr-stop 213.67.194.236
HPING 213.67.194.236 (eth0 213.67.194.236): S set, 40 headers + 0 data bytes
hop=14 TTL 0 during transit from ip=213.248.66.22 name=fre-b1-pos10-0.telia.net
hop=15 TTL 0 during transit from ip=213.64.62.182 name=u-b-c1-pos4-0.se.telia.net
hop=16 TTL 0 during transit from ip=62.20.131.166 name=vs-a-d1-pos7-2.se.telia.net
hop=17 TTL 0 during transit from ip=213.67.192.249 name=fls33o1112.telia.com
19: len=46 ip=213.67.194.236 ttl=239 DF id=0 flags=RA seq=8 win=0 rtt=133.6 ms

--- 213.67.194.236 hping statistic ---
9 packets tramitted, 5 packets received, 45% packet loss
round-trip min/avg/max = 133.6/133.6/133.6 ms

It's reseted at 19th hop

So you have to ask to telia.com to remove their filtering rules.

Denis Ducamp.

-- 
 [EMAIL PROTECTED] --- Herv� Schauer Consultants --- http://www.hsc.fr/
 Owl/Openwall/snort/hping/dsniff en fran�ais   http://www.groar.org/trad/
            Owl en fran�ais    http://www.openwall.com/Owl/fr/
 Du bon usage de ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html

Reply via email to