Re: [PATCH] IPv4 TCP Security Improvement

Michael H. Warfield (mhw@wittsend.com)
Sat, 9 Jan 1999 10:46:10 -0500 (EST)


Joachim Baran enscribed thusly:
> Hello!

> I can't believe it, but it seems that my first message
> has never arrived... strange. So again:

> My patch changes the behavior of the IPv4 TCP source if
> a TCP packet to an unconnected socket arrives. The unpatched
> Linux sends then an ACK+RST - but this is used in scanners
> such as nmap to scan your system for open ports.

> So my Patch lets you choose via a config-option what you
> want. If you say Y to my patch those packets will be dropped
> and a logging message with level KERN_DEBUG is created:

How does this differ from using the firewall code with the deny
policy? You can also use the netlink option to feed bad packets to somewhere
else for processing.

For real fun, there are things like abacus sentry that can monitor
ports and take action (like shutting down the entire firewall) when scanned.

> 127.0.0.1 tried closed TCP socket port 24

> This output isn't very useful, because everybody could
> use the decoy option of nmap - but I think it's better to
> know if something is going on - rather than hoping that
> you've got everything the right way up.

> Because this is my first patch - I'll surely have made
> mistakes. With this message I send a tgz file with my patch
> against 2.1.132. I think you could apply the patch in
> /usr/src/linux with tar xzOf patch-2.1.132-jb1.tgz |
> patch -p0
>
> I've tested it - it works for me. I hope it will get into
> the `real' series...
>
> Bye.
> --
> Joachim Baran jbaran@hildesheim.sgh-net.de
> Breslauerstr.18 http://prinz.hannover.sgh-net.de/~jbaran
> 31171 Mahlerten Network Administration
> Lower Saxony/Germany and Programming
>

[Attachment, skipping...]

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
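The thread's point is that the KERN_DEBUG line the patch emits ("127.0.0.1 tried closed TCP socket port 24") is only worth something if somebody reads it and notices a sweep across many closed ports from one source, while keeping in mind the decoy caveat. The script below is an added example, not part of the thread and not Joachim Baran's patch: it parses lines of that shape out of a syslog stream and flags sources that probed several distinct closed ports. The line format is taken from the single sample line quoted in the thread; the syslog prefix handling, the threshold, and the sample log lines are assumptions constructed for illustration.

```python
"""Spot probable port sweeps in kernel log lines of the form
"<ip> tried closed TCP socket port <n>" (format from the thread).

Added example for illustration; not code from the thread or the patch.
"""
import re
from collections import defaultdict

# Shape of the KERN_DEBUG line quoted in the thread. A real syslog line carries a
# timestamp/host/"kernel:" prefix, so the pattern is searched rather than anchored.
LINE_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) tried closed TCP socket port (?P<port>\d+)\b"
)


def parse_line(line):
    """Return (src_ip, port) for a matching log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), int(m.group("port"))


def closed_port_hits(lines):
    """Map each source IP to the set of distinct closed ports it touched."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, port = parsed
            hits[src].add(port)
    return hits


def suspected_scanners(lines, threshold=5):
    """Sources that touched at least `threshold` distinct closed ports.

    Returns a list of (src, sorted_ports), most ports first. The threshold is an
    assumed value. Caveat raised in the thread: a scanner hiding behind decoy
    source addresses makes several addresses look like sweepers here, so this is
    a "something is going on" signal, not attribution of the true source.
    """
    hits = closed_port_hits(lines)
    flagged = [(src, sorted(ports)) for src, ports in hits.items() if len(ports) >= threshold]
    flagged.sort(key=lambda item: (-len(item[1]), item[0]))
    return flagged


# Constructed sample log lines (not real logs): one host sweeping several low
# ports (one port repeated), one host that hit a single closed port, and one
# unrelated kernel line that must be ignored.
SAMPLE_LOG = [
    "Jan  9 10:46:10 host kernel: 10.0.0.7 tried closed TCP socket port 21",
    "Jan  9 10:46:10 host kernel: 10.0.0.7 tried closed TCP socket port 23",
    "Jan  9 10:46:10 host kernel: 10.0.0.7 tried closed TCP socket port 24",
    "Jan  9 10:46:10 host kernel: 10.0.0.7 tried closed TCP socket port 25",
    "Jan  9 10:46:11 host kernel: 10.0.0.7 tried closed TCP socket port 79",
    "Jan  9 10:46:11 host kernel: 10.0.0.7 tried closed TCP socket port 110",
    "Jan  9 10:46:11 host kernel: 10.0.0.7 tried closed TCP socket port 110",
    "Jan  9 10:46:12 host kernel: 192.168.1.5 tried closed TCP socket port 24",
    "Jan  9 10:46:13 host kernel: eth0: link up",
]

if __name__ == "__main__":
    for src, ports in suspected_scanners(SAMPLE_LOG):
        print(f"{src}: {len(ports)} distinct closed ports probed: {ports}")
```

Counting distinct ports rather than raw lines is deliberate: a single misconfigured client retrying one closed port produces many lines but only one port, while a sweep touches many ports with few lines each. In practice one would also bucket by time window and rate-limit the logging itself, since a flood of closed-port lines is a cheap way to fill a log partition.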