Hello,
On Mar 9 2007 11:54, Amin Azez wrote:
>> Adding a member to the ip_conntrack/nf_conntrack and sk_buff struct
>> would increase the struct sizes, and that would penalize users who do
>> not intend to use xt_portscan.
>
> I understand what you say but it sounds a bit like saying: "but we didn't make
jimmy wrote on Fri 09. 03. 2007 at 13:37 +0530:
> Alan Cox wrote:
> >> Also note that the word 'chaostables' does not even appear in the patch,
> >> though xt_CHAOS does. Since we know that {xt,ipt}_[A-Z]+ are targets, we
> >> can safely assume that CHAOS does what it says - make fun of nmap.
> >
>
* Jan Engelhardt wrote, On 09/03/07 10:19:
> Hello,
>
> On Mar 9 2007 09:35, Amin Azez wrote:
>
>> * Jan Engelhardt wrote, On 08/03/07 20:26:
>>
>>> xt_portscan needs to keep track of what packets the machine has already
>>> seen. So on the first SYN, the connection is marked with "1".
Hello,
On Mar 9 2007 09:35, Amin Azez wrote:
> * Jan Engelhardt wrote, On 08/03/07 20:26:
>> xt_portscan needs to keep track of what packets the machine has already
>> seen. So on the first SYN, the connection is marked with "1". (Then we
>> send our SYN-ACK... and the connection turns
* Jan Engelhardt wrote, On 08/03/07 20:26:
> xt_portscan needs to keep track of what packets the machine has already
> seen. So on the first SYN, the connection is marked with "1". (Then we
> send our SYN-ACK... and the connection turns ESTABLISHED.) The next
> packet that is received will be an ACK
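The SYN-then-next-packet bookkeeping described in the quoted text lends itself to a small per-connection state machine. The block below is an added example written for this page in userspace Python, not chaostables code or the kernel module's logic: it keeps a mark per 4-tuple (1 after the first SYN, as in the thread; the higher mark values, the verdict names and the per-source threshold are this example's own choices), classifies each connection by what the client does after our SYN-ACK, and then lists sources whose connections to several ports all ended as scans. The sample traffic is constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# TCP flag bits as laid out in the header (RFC 793)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# Per-connection marks. "1 on the first SYN" follows the thread; the values
# above 1 are this example's own choice, not chaostables'.
M_NEW, M_SYN, M_ACKED, M_DATA = 0, 1, 2, 3

Key = Tuple[str, int, str, int]  # (src, sport, dst, dport)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    payload_len: int = 0


@dataclass
class Conn:
    mark: int = M_NEW
    verdict: str = "open"  # "open" = nothing suspicious seen so far


class PortscanTracker:
    """Sees client-to-server packets only, as a host firewall would, and
    classifies each connection by the client's behaviour after our SYN-ACK."""

    def __init__(self) -> None:
        self.conns: Dict[Key, Conn] = {}

    def feed(self, pkt: Packet) -> str:
        c = self.conns.setdefault((pkt.src, pkt.sport, pkt.dst, pkt.dport), Conn())
        syn, ack, rst, fin = (bool(pkt.flags & f) for f in (SYN, ACK, RST, FIN))

        if c.mark == M_NEW:
            if syn and not ack:
                c.mark = M_SYN                   # first SYN: mark the connection with 1
            else:
                c.verdict = "stray"              # ACK/FIN/NULL/Xmas probe with no SYN first
        elif c.mark == M_SYN:
            # Our SYN-ACK has gone out; what does the client do next?
            if rst:
                c.verdict = "syn-scan"           # half-open: SYN, SYN-ACK, RST
            elif ack and pkt.payload_len > 0:
                c.mark, c.verdict = M_DATA, "data"
            elif ack:
                c.mark = M_ACKED                 # handshake completed, no payload yet
        elif c.mark == M_ACKED:
            if pkt.payload_len > 0:
                c.mark, c.verdict = M_DATA, "data"
            elif rst or fin:
                # Full handshake, then immediate teardown with no data. A TCP
                # connect scan looks like this; so does a bare banner grab
                # against a server-speaks-first protocol (caveat for tuning).
                c.verdict = "connect-scan"
        return c.verdict

    def scanners(self, min_ports: int = 3) -> Dict[str, int]:
        """Sources with scan-verdict connections to at least min_ports distinct ports."""
        hits: Dict[str, set] = {}
        for (src, _sport, _dst, dport), c in self.conns.items():
            if c.verdict in ("syn-scan", "connect-scan", "stray"):
                hits.setdefault(src, set()).add(dport)
        return {src: len(p) for src, p in hits.items() if len(p) >= min_ports}


def demo_traffic() -> List[Packet]:
    """Constructed sample: one real HTTP client, one SYN scanner and one
    connect scanner sweeping three ports each, plus a lone ACK probe."""
    pkts = [
        Packet("10.0.0.5", 40000, "10.0.0.1", 80, SYN),
        Packet("10.0.0.5", 40000, "10.0.0.1", 80, ACK),
        Packet("10.0.0.5", 40000, "10.0.0.1", 80, ACK | PSH, payload_len=78),
    ]
    for i, port in enumerate((22, 25, 443)):
        pkts += [Packet("10.0.0.9", 50000 + i, "10.0.0.1", port, SYN),
                 Packet("10.0.0.9", 50000 + i, "10.0.0.1", port, RST)]
        pkts += [Packet("10.0.0.7", 60000 + i, "10.0.0.1", port, SYN),
                 Packet("10.0.0.7", 60000 + i, "10.0.0.1", port, ACK),
                 Packet("10.0.0.7", 60000 + i, "10.0.0.1", port, RST | ACK)]
    pkts.append(Packet("10.0.0.8", 1234, "10.0.0.1", 8080, ACK))
    return pkts


def run_demo() -> Dict[str, int]:
    t = PortscanTracker()
    for p in demo_traffic():
        t.feed(p)
    return t.scanners()


if __name__ == "__main__":
    for src, n in sorted(run_demo().items()):
        print(f"{src}: scan-like connections to {n} distinct ports")
```

The state lives in a dictionary here where the module would use a conntrack field or mark, which is exactly the struct-size trade-off argued about further down the thread; the classification itself needs only the transition history, not a per-packet rule walk.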
Alan Cox wrote:
>> Also note that the word 'chaostables' does not even appear in the patch,
>> though xt_CHAOS does. Since we know that {xt,ipt}_[A-Z]+ are targets, we
>> can safely assume that CHAOS does what it says - make fun of nmap.
"entropy" ?
"randomness"
fuzztables?
:-)
Hello,
On Thu, 08 Mar 2007 18:15:12 +0100, Patrick McHardy wrote:
Index: linux-2.6.21-rc3/net/netfilter/xt_CHAOS.c
+ /* Equivalent to:
+* -A chaos -m statistic --mode random --probability \
+* $reject_percentage -j REJECT --reject-with host-unreach;
+* -A
On Mar 8 2007 18:15, Patrick McHardy wrote:
>
>> Take xt_portscan as an example, which would require a minimum of 23
>> filtering rules (which cannot reproduce the module's action in its
>> fullest). 23 rules means we will be looping a bit in ipt_do_table() for
>> a single packet, repeatedly
Jan Engelhardt wrote:
>>>Index: linux-2.6.21-rc3/net/netfilter/xt_CHAOS.c
>>>+/* Equivalent to:
>>>+ * -A chaos -m statistic --mode random --probability \
>>>+ * $reject_percentage -j REJECT --reject-with host-unreach;
>>>+ * -A chaos -m statistic --mode random
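Review bot: the "Equivalent to:" comment pairs `--probability` with a placeholder named `$reject_percentage`, but xt_statistic's `--probability` takes a fraction between 0 and 1, not a percent; either rename the placeholder or state in the comment how the target's own option maps onto that fraction, otherwise anyone translating between the rules and the module's parameter is off by a factor of 100. Since the comment lists several `-m statistic --mode random` rules in sequence, it should also say that each rule draws independently per packet and that the listed order is part of the equivalence.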
> Also note that the word 'chaostables' does not even appear in the patch,
> though xt_CHAOS does. Since we know that {xt,ipt}_[A-Z]+ are targets, we
> can safely assume that CHAOS does what it says - make fun of nmap.
"entropy" ?
"randomness"
(I suspect a mailserver issue on my side, since I did not receive the
replies from Alan or Patrick. But lkml.org has them, so I will be
replying to both of them there.)
On Mar 8 2007 09:55, James Morris wrote:
> On Thu, 8 Mar 2007, Alan Cox wrote:
>
>> Any chance of tweaking the name - it's just
On Thu, 8 Mar 2007, Alan Cox wrote:
> Any chance of tweaking the name - it's just there is/was a chaosnet
> protocol/network system and you don't want people to assume that since
> it's a chaosfilter it's for chaosnet?
That's exactly what I thought it was from the subject line.
- James
--
Jan Engelhardt wrote:
> Index: linux-2.6.21-rc3/net/netfilter/xt_CHAOS.c
> ===
> --- /dev/null
> +++ linux-2.6.21-rc3/net/netfilter/xt_CHAOS.c
> @@ -0,0 +1,184 @@
> +
> +static unsigned int xt_chaos_target(struct sk_buff **pskb,
> +
On Thu, 8 Mar 2007 07:35:05 +0100 (MET)
Jan Engelhardt <[EMAIL PROTECTED]> wrote:
> Hello netfilter-devel,
>
>
> I would like to submit chaostables (v0.5_svn23) for inclusion. Primary
> use is to detect, spoof and slowdown various sorts of port scans.
> Implementation details can be found at
Hello netfilter-devel,
I would like to submit chaostables (v0.5_svn23) for inclusion. Primary
use is to detect, spoof and slowdown various sorts of port scans.
Implementation details can be found at http://jengelh.hopto.org/p/chaostables/
If you have any comments or suggestions, do not