[RndTbl] latest kernel rate limits icmp to different hosts? (** nmap shows bug! **)

Wyatt Zacharias wyatt at magitech.ca
Fri Dec 2 09:25:26 CST 2016


Updated my desktop to 4.8.10 (4.8.10-100.fc23.x86_64) last night. Trying
your perl script and the nmap command, both still work without error.

I do have iptables running on that box, but I don't have any rate limiting
rules of any kind.

I'll send you the kernel tuning parameters off list.

--
Wyatt Zacharias


On Thu, Dec 1, 2016 at 4:57 PM, Trevor Cordes <trevor at tecnopolis.ca> wrote:

> On 2016-12-01 Theodore Baschak wrote:
> > Just ran this on a physical system at home with the following kernel:
> > Linux hypnotoad 4.8.10-coldkernel-grsec-1 #1 SMP Tue Nov 22 19:05:17
> > CST 2016 x86_64 GNU/Linux
> >
> > I'm not running any iptables rules on this system at all, and I was
> > able to run the test on a sample /24 without error. Then I modified
> > the source to ping my entire internal /19, with the same result.
>
> Weird!  I'm puzzled.  Must be something in my config (or iptables),
> Fedora's patches, or Fedora's kernel tune default choices.
>
> Can you send me the output of:
> tail -c+1 `find /proc /sys -type f | grep icmp | grep -v '/proc/[0-9]'`
>
> tail -c+1 `find /proc | grep -P 'net.*(limit|interv|max|conntrack)'\
> |grep -vP '/proc/[0-9]|hop_lim|igmp|mldv|router|icmp|ip6frag|ipv6'`
>
> (you can send offlist as it might be long)
>
> That will let me see the tuning choices of your kernel.  Thanks!
>
> On 2016-12-01 Wyatt Zacharias wrote:
> > My two F23 boxes are only at 4.4.9 and 4.7.9. No problems with your
> > script and nmap on them.
> >
> > I'll see if I have time to do an update tonight and test with the
> > newest kernel.
>
> Thanks Wyatt!  I finally found one other hit on the net of a guy having
> the same problem, from just a couple days ago.  He's on Ubuntu.  He
> says the problem wasn't in 4.4 but was in 4.8.  If you can reproduce it
> after kernel update to 4.8 then it looks like the change was between
> 4.7 and 4.8.  I'll await your results.
>
> (Boy, I hope it doesn't turn out to be some stupid iptables thing on my
> end!)
>
> Thanks guys!
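The commands quoted above collect each host's ICMP-related kernel tunables so they can be compared by eye. As an added example (not part of the thread or any poster's code), the script below writes those tunables in a normalised form and reports only the ones that differ between two hosts. The function names `dump_tunables`, `compare_dumps` and `make_sample` are hypothetical. `icmp_ratelimit` and `icmp_msgs_per_sec` are real Linux sysctl names used here only as sample file names with constructed values; the thread does not say which setting, if any, is responsible.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and the
# sample values are constructed.

# Print "relative/path = value" for each readable file under ROOT whose path
# contains "icmp", skipping per-process /proc/<pid> entries as the thread's
# find | grep pipeline does. ROOT defaults to /proc/sys/net.
dump_tunables() {
    root=${1:-/proc/sys/net}
    find "$root" -type f -path '*icmp*' 2>/dev/null |
        grep -v '/proc/[0-9]' | sort |
        while IFS= read -r f; do
            [ -r "$f" ] || continue
            val=$(tr '\t\n' '  ' < "$f" 2>/dev/null) || continue
            printf '%s = %s\n' "${f#"$root"/}" "${val% }"
        done
}

# Compare two dumps; print "name: A=<value> B=<value>" for each tunable that
# differs or is missing on one side. Returns 0 if they match, 1 otherwise.
compare_dumps() {
    out=$({ sed 's/^/A = /' "$1"; sed 's/^/B = /' "$2"; } |
        awk -F' = ' '
            { v[$1, $2] = $3; seen[$2] }
            END {
                for (k in seen) {
                    av = (("A", k) in v) ? v["A", k] : "<absent>"
                    bv = (("B", k) in v) ? v["B", k] : "<absent>"
                    if ((av "") != (bv "")) print k ": A=" av " B=" bv
                }
            }' | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: two small trees standing in for /proc/sys/net on a host
# that passes the test and one that does not.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ok/ipv4" "$d/bad/ipv4"
    echo 1000 > "$d/ok/ipv4/icmp_ratelimit"
    echo 1000 > "$d/bad/ipv4/icmp_ratelimit"
    echo 1000 > "$d/ok/ipv4/icmp_msgs_per_sec"
    echo 10 > "$d/bad/ipv4/icmp_msgs_per_sec"
    echo 1 > "$d/ok/ipv4/tcp_syncookies"   # not ICMP-related, so ignored
    echo "$d"
}
```

On real hosts, run `dump_tunables > host.txt` on each machine and pass the two resulting files to `compare_dumps`.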