
Thread: Oh btw, would stuff like this be legal?

  1. #21
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Did you upgrade your kernel ?

    Have you ever built a custom kernel ? ( then upgraded to a stock kernel? )

    Is it possible that your distro used to build all available targets as modules, then with the latest kernel stopped building it? ( I know FC3 does not build it with a default kernel, you have to build the kernel yourself. Maybe since updates for RH9 are now handled by Fedora Legacy they have done the same thing.)
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  2. #22
    Member
    Join Date
    Apr 2003
    Posts
    95
    I'm not sure exactly but I think in the UK at least they count a counter attack as a separate attack therefore making anything in the attack that would be illegal if you started it illegal and you liable for any damages, also as posted it's not always the bad guy

  3. #23
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by IKnowNot
    Did you upgrade your kernel ?

    Have you ever built a custom kernel ? ( then upgraded to a stock kernel? )

    Is it possible that your distro used to build all available targets as modules, then with the latest kernel stopped building it? ( I know FC3 does not build it with a default kernel, you have to build the kernel yourself. Maybe since updates for RH9 are now handled by Fedora Legacy they have done the same thing.)
    I have upgraded my kernel recently, and I'm sure that's what caused the problem. Both kernels were stock kernels and I'm now running FC3 on the box. It's not too much of a problem, I'm just using a DROP target now, but as I said, I got a perverse sense of satisfaction thinking of the skiddies slowly realising they were looking at data from their own box.

    Originally posted here by hellforgedangel
    I'm not sure exactly but I think in the UK at least they count a counter attack as a separate attack therefore making anything in the attack that would be illegal if you started it illegal and you liable for any damages, also as posted it's not always the bad guy
    I beg to differ. I have not performed any action whatsoever, nor have I configured any of my systems to perform any attacks or counter attacks. I have simply returned any packets sent to me back to the sender, but since I'm using a DROP target the issue isn't relevant.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #24
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    I used to have a prog that did something back to anyone who tried to scan my machine. I can't remember what it was called but the icon looked like a big 'clown hand'. I think it sent back some packets which could hold a short message 'piss off' or something like that. I think I still have it on a cd somewhere. I've no idea if it actually worked or not.

    I'd rather my machine just sat silent behind the firewall now rather than flag itself up as a target.

  5. #25
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by Aspman
    I'd rather my machine just sat silent behind the firewall now rather than flag itself up as a target.
    Which is the mature & sensible approach that should be taken

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  6. #26
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Some time in the last few months the MIRROR target had been dropped by the netfilter team and my portsentry had been doing nothing!!!!! since /sbin/iptables -I INPUT -s $1 -j MIRROR errored...
    I hope you got my point, and herein lies your quandary ....
    I have upgraded my kernel recently, and I'm sure that's what caused the problem. Both kernels were stock kernels and I'm now running FC3 on the box.
    I ran through the source quickly of both the latest version of NETFILTER [ 1.3.1 ] and the latest kernel.org source ( and all the change.logs since the 2.6.x kernel ) and found nowhere that they dropped the MIRROR target. I also checked FC3, and although it does not have the MIRROR ( ****, I’m drunk and can’t think! ) .... module built in the stock kernel it is still referenced. I found nowhere that the netfilter team had dropped it. I believe you can still use it if you build a custom kernel, even using the FC3 kernel-source.

    If you really want to know I will build a custom kernel on FC3 and tell it to build the MIRROR module and let you know if it works ... just let me know. Hell, I’ll probably do it anyway within the next day or two, just because!

    Although I have only used the MIRROR target in the past to thwart in-progress verbose scans, I do believe quite a while ago I suggested a way to use the “ user space “ query to do the same thing. It was nice to see someone else had a similar idea!

    Which is the mature & sensible approach that should be taken
    Truer words never spoken, but what fun is that????
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
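
Added example, not part of any post in this thread and not portsentry's own code: a block script that a scan detector could call with the offending address as `$1`, using the DROP target mentioned above and returning a non-zero status when the rule insert fails, so a missing target or module does not go unnoticed. The names `valid_ipv4`, `block_source` and the `IPTABLES` override are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical block script for a port-scan detector.
# Assumption: the detector passes the source address as the first argument.

# Command used to insert rules; overridable so the logic can be exercised
# without root (assumption: real deployments keep the default path).
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Accept only a dotted-quad IPv4 address with each octet in 0..255, so
# nothing else from the detector ever reaches the iptables command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert a DROP rule for the source address.
# Returns 0 if the rule was inserted, 2 on bad input, 1 if iptables failed.
block_source() {
    src=$1
    if ! valid_ipv4 "$src"; then
        echo "block_source: refusing invalid address '$src'" >&2
        return 2
    fi
    if ! err=$("$IPTABLES" -I INPUT -s "$src" -j DROP 2>&1); then
        # The failure mode from the thread: the rule command errored and
        # nothing was blocked. Report it instead of carrying on silently.
        echo "block_source: iptables failed for $src: $err" >&2
        return 1
    fi
    return 0
}

# Run as a script only when an address was supplied.
if [ "$#" -gt 0 ]; then
    block_source "$1"
fi
```

Whatever calls the script should record its exit status and stderr, since that is where a rejected rule shows up.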

  7. #27
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by IKnowNot
    I ran through the source quickly of both the latest version of NETFILTER [ 1.3.1 ] and the latest kernel.org source ( and all the change.logs since the 2.6.x kernel ) and found nowhere that they dropped the MIRROR target. I also checked FC3, and although it does not have the MIRROR ( ****, I’m drunk and can’t think! ) .... module built in the stock kernel it is still referenced. I found nowhere that the netfilter team had dropped it. I believe you can still use it if you build a custom kernel, even using the FC3 kernel-source.
    I'd come to that conclusion myself too, but downloading FC3 kernel source is a pain & I really couldn't be bothered.

    And I can't find the link again where I found that the MIRROR target (module ipt_MIRROR.ko) had been dropped - Ahh here it is http://svn.clkao.org/svnweb/linux/lo...x25/ax25_dev.c


    If you really want to know I will build a custom kernel on FC3 and tell it to build the MIRROR module and let you know if it works ... just let me know. Hell, I’ll probably do it anyway within the next day or two, just because!
    Only do this if you're bored!

    Although I have only used the MIRROR target in the past to thwart in-progress verbose scans, I do believe quite a while ago I suggested a way to use the “ user space “ query to do the same thing. It was nice to see someone else had a similar idea!
    Great minds....

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  8. #28
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Well, it seems they did drop the MIRROR target.

    I downloaded the FC3 source ( 2.6.11 ) and it wasn’t there ....

    So I downloaded iptables-1.3.1 ( the latest version, FC3 uses 1.2.11 ).

    Nope, not there.

    BTW, I’m not bored, just curious.
    It wasn’t a total loss though, I also used POM and installed a few other target modules. Since I haven’t used any FC distros for firewalls I haven’t done this yet. I want to see how the build will turn out and play with some of the new modules.

    They are right though, the MIRROR target is dangerous. And imagine the slowdowns it would cause if everyone used it!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  9. #29
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Been reading too much cyber-punk, methinks.

    "Kuang grade 7, ready to launch! Cut their ICE! GOOOOOOOOOoooooooooooooooooo!"

    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
