DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 29th January 2009
hamba hamba is offline
Fdisk Soldier
 
Join Date: Apr 2008
Posts: 71
Default nmap scans

Hi

I'm getting the following messages from nmap when pf is enabled. Once I disable pf they don't happen
Code:
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49569 > ip2:16236 S ttl=54 id=43546 iplen=11264  seq=3073165861 win=3072 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49569 > ip2:16235 S ttl=48 id=49636 iplen=11264  seq=3073165861 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49569 > ip2:16234 S ttl=57 id=13781 iplen=11264  seq=3073165861 win=2048 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49569 > ip2:16233 S ttl=40 id=32511 iplen=11264  seq=3073165861 win=1024 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49569 > ip2:16232 S ttl=51 id=33388 iplen=11264  seq=3073165861 win=4096 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49569 > ip2:16231 S ttl=55 id=41392 iplen=11264  seq=3073165861 win=4096 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49571 > ip2:16167 S ttl=47 id=35811 iplen=11264  seq=3073296935 win=4096 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49571 > ip2:16166 S ttl=53 id=49936 iplen=11264  seq=3073296935 win=2048 <mss 1460>
sendto in send_ip_packet: sendto(7, packet, 44, 0, ip2, 16) => Operation not permitted
Offending packet: TCP ip1:49571 > ip2:16165 S ttl=51 id=3493 iplen=11264  seq=3073296935 win=4096 <mss 1460>
Omitting future Sendto error messages now that 10 have been shown.  Use -d2 if you really want to see them.
Increasing send delay for ip2 from 0 to 5 due to max_successful_tryno increase to 5
I am allowing everything to go out as you can see from the following rules.
Code:
# pass out all
pass out quick on $ext_if proto tcp all
pass out quick on $ext_if proto udp all
pass out quick on $ext_if proto icmp all
Does any one know how to get this fixed?

Thanks
hamba
Reply With Quote
  #2   (View Single Post)  
Old 29th January 2009
anomie's Avatar
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 445
Default

A stab in the dark, but don't you want to keep state on those rules? e.g.

pass out on $ext_if proto { tcp, udp, icmp } all keep state

(This is assuming your version of FBSD & pf don't implicitly keep state already.)

---

P.S. If that's not working, maybe you should post your full pf ruleset and the full nmap scan command you're trying to run.
__________________
Kill your t.v.
Reply With Quote
  #3   (View Single Post)  
Old 29th January 2009
hamba hamba is offline
Fdisk Soldier
 
Join Date: Apr 2008
Posts: 71
Default

Hi

I'm using FreeBSD 7.1-STABLE and keep state is on by default
I've also tried setting it keep state but I still get the messages
Reply With Quote
  #4   (View Single Post)  
Old 2nd February 2009
hamba hamba is offline
Fdisk Soldier
 
Join Date: Apr 2008
Posts: 71
Default

hmm

I think there must be something messed up with my pf some where, I've installed nmap on another system and its giving me the same errors, both systems are using a very similar rule set.
The systems are running FreeBSD 7.1-STABLE build on Jan 22

Any ideas what else I can try
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
testing pf block all rules with Nmap. bsdnewbie999 OpenBSD General 1 25th March 2009 11:55 AM
How to apply patche for NMAP sniper007 FreeBSD Ports and Packages 3 27th January 2009 04:25 PM
nmap and ftp proxy problem hamba FreeBSD Security 2 22nd January 2009 01:33 PM


All times are GMT. The time now is 11:54 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick