[RndTbl] latest kernel rate limits icmp to different hosts? (** nmap shows bug! **)

Trevor Cordes trevor at tecnopolis.ca
Thu Dec 1 16:57:44 CST 2016


On 2016-12-01 Theodore Baschak wrote:
> Just ran this on a physical system at home with the following kernel:
> Linux hypnotoad 4.8.10-coldkernel-grsec-1 #1 SMP Tue Nov 22 19:05:17
> CST 2016 x86_64 GNU/Linux
> 
> I'm not running any iptables rules on this system at all, and I was
> able to run the test on a sample /24 without error. Then I modified
> the source to ping my entire internal /19, with the same result.

Weird!  I'm puzzled.  Must be something in my config (or iptables),
Fedora's patches, or Fedora's kernel tune default choices.

Can you send me the output of:
tail -c+1 `find /proc /sys -type f | grep icmp | grep -v '/proc/[0-9]'`

tail -c+1 `find /proc | grep -P 'net.*(limit|interv|max|conntrack)'\
|grep -vP '/proc/[0-9]|hop_lim|igmp|mldv|router|icmp|ip6frag|ipv6'`

(you can send offlist as it might be long)

That will let me see the tuning choices of your kernel.  Thanks!

On 2016-12-01 Wyatt Zacharias wrote:
> My two F23 boxes are only at 4.4.9 and 4.7.9. No problems with your
> script and nmap on them.
> 
> I'll see if I have time to do an update tonight and test with the
> newest kernel.

Thanks Wyatt!  I finally found one other hit on the net of a guy having
the same problem, from just a couple days ago.  He's on Ubuntu.  He
says the problem wasn't in 4.4 but was in 4.8.  If you can reproduce it
after kernel update to 4.8 then it looks like the change was between
4.7 and 4.8.  I'll await your results.

(Boy, I hope it doesn't turn out to be some stupid iptables thing on my
end!)

Thanks guys!
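The commands quoted above dump every ICMP-related /proc and /sys file so the kernel's tuning can be compared across machines. As an added example (not part of the original post or of any replier's script), the following POSIX sh script reads the specific ICMP rate-limit tunables under /proc/sys/net/ipv4 and decodes icmp_ratemask into the ICMP types it covers, which makes two machines' settings easier to compare than raw integers. It assumes a Linux /proc/sys layout; the bit-per-ICMP-type meaning of icmp_ratemask and the type names are standard, while the newer global limits (icmp_msgs_per_sec, icmp_msgs_burst) are reported as "unset" on kernels that lack them. Whether any of these values explains the behaviour discussed in the thread is exactly what the thread is trying to establish; the script only reports them.

```shell
#!/bin/sh
# Added example: report and decode the kernel's ICMP rate-limit tunables.
# Assumes a Linux /proc/sys layout (constructed for illustration; not from
# the original post).

# Map an ICMP type number to its standard name.
icmp_type_name() {
    case "$1" in
        0)  echo "echo-reply" ;;
        3)  echo "destination-unreachable" ;;
        4)  echo "source-quench" ;;
        5)  echo "redirect" ;;
        8)  echo "echo-request" ;;
        11) echo "time-exceeded" ;;
        12) echo "parameter-problem" ;;
        13) echo "timestamp-request" ;;
        14) echo "timestamp-reply" ;;
        *)  echo "type-$1" ;;
    esac
}

# Decode an icmp_ratemask value: bit N set means ICMP type N is subject to
# icmp_ratelimit. Prints the covered types, ascending, space separated.
# Non-numeric input (e.g. "unset") yields an empty string.
decode_ratemask() {
    mask=$1
    case "$mask" in
        ''|*[!0-9]*) echo ""; return 0 ;;
    esac
    out=""
    t=0
    while [ "$t" -lt 32 ]; do
        if [ $(( ($mask >> $t) & 1 )) -eq 1 ]; then
            out="$out $(icmp_type_name "$t")"
        fi
        t=$((t + 1))
    done
    echo "${out# }"
}

# Read one tunable from /proc/sys/net/ipv4, or "unset" if the kernel
# does not expose it (older kernels lack the global icmp_msgs_* limits).
read_tunable() {
    f=/proc/sys/net/ipv4/$1
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo "unset"
    fi
}

# Print a compact, comparable report of the ICMP rate-limit settings.
report_icmp_limits() {
    ratelimit=$(read_tunable icmp_ratelimit)
    ratemask=$(read_tunable icmp_ratemask)
    per_sec=$(read_tunable icmp_msgs_per_sec)
    burst=$(read_tunable icmp_msgs_burst)
    echo "icmp_ratelimit (ms per destination): $ratelimit"
    echo "icmp_ratemask: $ratemask -> $(decode_ratemask "$ratemask")"
    echo "icmp_msgs_per_sec (global): $per_sec"
    echo "icmp_msgs_burst (global): $burst"
}

# Run the report when executed directly.
report_icmp_limits
```

The kernel default icmp_ratemask of 6168 decodes to destination-unreachable, source-quench, time-exceeded and parameter-problem; echo replies are not in the default mask, so a difference in the decoded list between two hosts is the first thing to look for when comparing outputs.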
