[14898] in bugtraq
Re: Ipchains!
daemon@ATHENA.MIT.EDU (Paul D. Carlucci)
Mon May 15 05:19:47 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <391A43C8.9B90F83A@carlucci.net>
Date: Thu, 11 May 2000 01:23:20 -0400
Reply-To: "Paul D. Carlucci" <paul@CARLUCCI.NET>
From: "Paul D. Carlucci" <paul@CARLUCCI.NET>
X-To: dparussalla@baysidegrp.com.au
To: BUGTRAQ@SECURITYFOCUS.COM
Wacky, I was unable to reproduce this. I've got Slack 4.0 with 2.2.11 +
international crypto goodies, and ipchains 1.3.8. I was unable to reproduce
this. I let this run for about 15 minutes and nothing bad happened.
Here's some stuff about my box:
<snip>
REJECT udp ----l- 0.0.0.0/0 0.0.0.0/0 * -> !1024:
65535
REJECT tcp -y--l- 0.0.0.0/0 0.0.0.0/0 * -> !1024:
65535
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ tcp ------ 192.168.0.0/16 0.0.0.0/0 * -> *
MASQ udp ------ 192.168.0.0/16 0.0.0.0/0 * -> *
MASQ icmp ------ 192.168.0.0/16 0.0.0.0/0 * -> *
Chain output (policy ACCEPT):
gargoyle:~# uname -a
Linux gargoyle 2.2.11 #6 Tue Sep 28 18:49:31 EDT 1999 i586 unknown
gargoyle:~# ipchains --version
ipchains 1.3.8, 27-Oct-1998
gargoyle:~# uptime
1:34am up 26 days, 21:44, 3 users, load average: 2.56, 2.32, 1.38
gargoyle:~#
Dimuthu Parussalla wrote:
> Ipchains buffer overflow with debian 2.2.10 Kernel.
> --------------------------------------------------
>
> there is a buffer overflow hang in linux debian distributin kernel 2.2.10
> with ipchains 1.3.8, 27-Oct-1998.
>
> here is the explanation.
>
> We tested with a linux running with debian above version of kernel and
> ipchains. first we setup the linux box to handle IP Masquerading as follows.
>
> ipchains -A forward -j MASQ -s 192.168.0.0/16
>
> Then from a local workstation within the 192.168.0.0 network. We ssh to the
> linux box. and did the following
>
> $ping -f <ip.address>
>
> And we opend a another ssh session to the linux box and did the following
>
> $ping -l 6512121 <ip.address>
>
> After a few minutes. Ipchains hangs and the linux server hangs..
>
> Ipchains-patch.gz will fix the problem.
>
> ----------------------
> THE UNDERTAKER -> EFNET -> REAL CRACKING
>
> !!!REST IN PACE!!!!
