[Bug 78] New: -m psd -j TARPIT returns all ports open from nmap

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Thu, 17 Apr 2003 00:23:49 +0200


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78

           Summary: -m psd -j TARPIT returns all ports open from nmap
           Product: iptables userspace
           Version: unspecified
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: unknown
        AssignedTo: laforge@netfilter.org
        ReportedBy: mike.ely@phoenix.k12.or.us
                CC: netfilter-buglog@lists.netfilter.org


Just got the extras from patch-o-matic and compiled 1.2.8 and everything in.  My personal desire was to send portscans to the tarpit as mentioned in the subject.  When I use the psd match to -DROP, it works fine.  When I pick a particular port and tarpit it, that works great, too.  But when I combine the two, and do an nmap run against the machine, it returns all but twelve ports as open!

Naturally, it's not likely that this machine is really that open in this state, as many of the ports that are showing up as open are things like MSRDP, but it is disconcerting.  And the tarpit doesn't seem to work at that point - the connections are dropped handily.

Spec on the machine:
Generic P II system
RedHat 7.2
Custom kernel version 2.4.18-27.7.x based upon rpm install of kernel-source from Red Hat.
Iptables 1.2.8
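As an added illustration (not part of this bug report and not netfilter's own code), the following Python model shows how a SYN scanner classifies a port from the first reply it receives, run against constructed rule sets for the three configurations the report describes. It assumes the documented TARPIT behaviour of answering a SYN with SYN/ACK and a zero window (which a scanner reports as open) versus DROP giving no reply (reported as filtered); port 3389 and the `psd_flagged` flag are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits used by this model


@dataclass(frozen=True)
class Reply:
    flags: int
    window: int = 0


def firewall_action(dport: int, psd_flagged: bool, rules: List[tuple]) -> str:
    """First matching (match_fn, target) rule wins, like iptables chain traversal.
    match_fn receives (dport, psd_flagged); psd_flagged models the psd match
    having already seen enough probes from this source to fire."""
    for matches, target in rules:
        if matches(dport, psd_flagged):
            return target
    return "ACCEPT"  # chain policy: hand the SYN to the socket layer


def reply_for(target: str, listening: bool) -> Optional[Reply]:
    """What a SYN probe gets back per target (standard netfilter semantics)."""
    if target == "DROP":
        return None                        # silently dropped, the probe times out
    if target == "TARPIT":
        return Reply(SYN | ACK, window=0)  # TARPIT completes the handshake, zero window
    return Reply(SYN | ACK, 5840) if listening else Reply(RST)  # ACCEPT


def classify(reply: Optional[Reply]) -> str:
    """nmap-style port state from a single SYN probe reply."""
    if reply is None:
        return "filtered"
    if reply.flags & RST:
        return "closed"
    return "open" if reply.flags & (SYN | ACK) == (SYN | ACK) else "filtered"


def syn_scan(ports: Iterable[int], listening: set, psd_flagged: bool,
             rules: List[tuple]) -> Dict[int, str]:
    """Port states a SYN scanner would report under the given rule set."""
    return {p: classify(reply_for(firewall_action(p, psd_flagged, rules), p in listening))
            for p in ports}


# Constructed rule sets for the three configurations the report describes.
PSD_DROP = [(lambda p, flagged: flagged, "DROP")]          # -m psd -j DROP
PORT_TARPIT = [(lambda p, flagged: p == 3389, "TARPIT")]   # --dport 3389 -j TARPIT
PSD_TARPIT = [(lambda p, flagged: flagged, "TARPIT")]      # -m psd -j TARPIT
```

Under PSD_TARPIT every probed port yields a SYN/ACK once the psd match has fired, so the scan lists them all as open regardless of what is actually listening.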
