IPTables Intermittent Stopping

Jay jay at kinetic.org
Mon Jan 7 12:28:38 MST 2008


On Mon, 7 Jan 2008, Shawn Badger wrote:

> I would check netstat during the scan to see if nmap is in fact
> connecting and I would also just watch the iptables service and see if
> you see it go away during the scan. These are just a couple places
> that I would start with.


Unfortunately, already tried this. The port scanners are connecting (they 
are accurately finding the open/closed/filtered ports). Tailing the logs 
during the scans, when hitting the server during a time iptables is not 
working, nothing is logged. However, port scan again a few seconds later and 
the server generates all kinds of logs of rejected packets.

It seems clear that intermittently, iptables in the kernel is just not 
doing anything with the packets, then it will kick in and start filtering, 
then it will stop again. Totally damn bizarre.

~Jay



>
> On Jan 7, 2008 12:12 PM, Jay <jay at kinetic.org> wrote:
>> On Mon, 7 Jan 2008, Joshua Zeidner wrote:
>>
>>>  That is not really a safe assumption.  Nmap is not really that
>>> accurate of an instrument.  If you are concerned for some other
>>
>>
>> I have tried two port scanners (one being nmap, and two versions of nmap
>> at that), from three source locations. All show the same behavior.
>> Regardless of whether nmap is great or not, it is certainly accurate
>> enough to tell if a given port is simply open/closed/filtered.
>> Nonetheless, I am seeing the same results from another port scanner too.
>>
>>
>> --
>>
>> ~Jay
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>

-- 
~Jay
