Package: scanssh
Version: 2.0-4
Severity: important

Got 2 ifaces on this box, bound to 2 different networks:

  eth0: 192.168.0.0/24
  eth1: 10.0.0.0/24

all properly set up.

When I run (from eth1:10.0.0.2):

  scanssh 10.0.0.1

I get:

  10.0.0.1:22 <timeout>

after a while. Still:

  ssh 10.0.0.1

works as expected.

tcpdump shows:

  192.168.0.2.41479 > 10.0.0.1.22: S [tcp sum ok]

Seems scanssh uses the wrong src addr. (192.168.0.2 instead of 10.0.0.2),
thus falling into a NAT trap (SYN ACK is dropped by the remote host):

  DROP: IN=eth1 OUT= MAC=... SRC=10.0.0.1 DST=192.168.0.2 LEN=44 TOS=0x10
        PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=3140 WINDOW=5840
        RES=0x00 ACK SYN URGP=

That wouldn't happen if the correct 10.0.0.2 was used as the SYN packet
SRC address.


Cheers,
Cristian

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=C, LC_CTYPE= (charmap=ANSI_X3.4-1968)

Versions of packages scanssh depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdumbnet1                 1.8-1.3      A dumb, portable networking librar
ii  libevent1                   1.0b-1.1     An asynchronous event notification
ii  libpcap0.7                  0.7.2-7      System interface for user-level pa

-- no debconf information
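
A check for the symptom reported above, as an added example that is not part of the original report or of scanssh: it compares the source address in a tcpdump line with the address of the interface that is on-link for the destination, and shows how to ask the kernel which source it would select. The function names are hypothetical, and treating 192.168.0.2 as eth0's address is an assumption inferred from the tcpdump output.

```python
import ipaddress
import re
import socket

# Interface table from the report. The host addresses are an assumption:
# 10.0.0.2 is stated for eth1, 192.168.0.2 is inferred from the tcpdump line.
IFACES = {
    "eth0": ipaddress.ip_interface("192.168.0.2/24"),
    "eth1": ipaddress.ip_interface("10.0.0.2/24"),
}

# Matches the "src.port > dst.port:" part of a tcpdump text line.
TCPDUMP_RE = re.compile(
    r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

# The line quoted in the report.
SAMPLE = "192.168.0.2.41479 > 10.0.0.1.22: S [tcp sum ok]"


def expected_source(dst, ifaces=IFACES):
    """Return (ifname, address) of the on-link interface for dst, or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(name, i) for name, i in ifaces.items() if dst in i.network]
    if not hits:
        return None  # not directly connected; a gateway route decides
    name, iface = max(hits, key=lambda h: h[1].network.prefixlen)
    return name, iface.ip


def check_line(line, ifaces=IFACES):
    """Compare the source seen on the wire with the on-link address."""
    m = TCPDUMP_RE.search(line)
    if not m:
        return None
    seen, dst = m.group(1), m.group(3)
    exp = expected_source(dst, ifaces)
    want = str(exp[1]) if exp else None
    return {"seen_src": seen, "dst": dst, "expected_src": want,
            "ok": want is None or seen == want}


def kernel_source_for(dst, port=22):
    """Ask the routing table which source address it would pick for dst.
    connect() on a UDP socket sends no packet; it only resolves the route."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, port))
        return s.getsockname()[0]


if __name__ == "__main__":
    print(check_line(SAMPLE))
```

On the reporting host, `kernel_source_for("10.0.0.1")` gives the address the routing table selects, which can be compared with what tcpdump shows for the scanner's SYN.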