LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]

  From: Richard Russell <richard@yellowgoanna.com>
  To  : <linuxsa@linuxsa.org.au>
  Date: Thu, 29 Nov 2001 14:56:06 +1030

nmap RTTVAR oddness

I have a client whom I've just set up with iptables. The rules are as
follows (basically, accept all existing and related connections, and
new icmp, anything on the internal (eth0), and ssh and smtp on
external (ppp0), and reject everything else). Pretty simply really:

(note that the question may not have anything to do with the actual
rules, but I include them for completeness.)


--------
[root@blah root]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
10637 3103K state_chk  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1103  252K state_chk  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 9378 packets, 2975K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain state_chk (2 references)
 pkts bytes target     prot opt in     out     source               destination
 8692 3175K ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           state NEW
  353 21322 ACCEPT     all  --  eth0   any     anywhere             anywhere           state NEW
    1    48 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           state NEW tcp dpt:ssh
    2   104 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere           state NEW tcp dpt:smtp
 2692  158K REJECT     all  --  any    any     anywhere             anywhere           reject-with icmp-port-unreachable
[root@blah root]#
--------

now when I try to nmap this machine from my server, this is what I
get:

--------
me@myserver:~$ nmap blah.domain.com

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
<.... and so on, each line taking ten seconds or more>
<until eventually, I get the expected outputm which is correct>
--------

Sometimes, nmap works almost instantly, but usually it does this. Is
this due to the connection being over a modem, and the link being
flooded at the time (which I beleive it is)? or is it something else?

TIA

rr

-- 
Richard Russell
Yellow Goanna Pty Ltd
e: richard@yellowgoanna.com
m: +61 412 827 805
f: +61 8 8462 2362

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author] [stats]

Return to the LinuxSA Mailing List Information Page