Request target TARPIT support in kernel

Bug #78361 reported by Ketil Malde
26
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
linux-source-2.6.17 (Ubuntu)
Undecided
Unassigned
linux-source-2.6.22 (Ubuntu)
Low
Unassigned

Bug Description

Netfilter provides patch-o-matic patches that adds a target TARPIT that
sabotages network connections, which is useful in slowing down attackers
of various kinds. It'd be great to have this support in the kernel.

And, incidentally, the current iptables shipped with Edgy exhibits
the following behaviour:

   % sudo iptables -A INPUT -p tcp --dport 135 -j TARPIT
   Password:
   iptables: Unknown error 4294967295

No big deal, but not really nice either.

-k

Revision history for this message
Brian Murray (brian-murray) wrote :

I have confirmed the behaviour on Edgy. On Edgy /lib/iptables/libipt_TARPIT.so exists but add an iptables rule with the destination of tarpit errors with "iptables: Unknown error".

However, on Dapper /lib/iptables/libipt_TARPIT.so exists but the error is more informative. "iptables: No chain/target/match by that name"

Subsequently this seems to be a regression.

Revision history for this message
Kyle McMartin (kyle) wrote :

amd64?

Revision history for this message
Brian Murray (brian-murray) wrote :

Good question. Yeah, the Edgy was amd64 and the dapper wasn't.

Revision history for this message
Ketil Malde (ketil-ii) wrote :

Checked this on Feisty, it gives the Dapper error message. Still no kernel support, apparently (as of 2.6.20-16-386)

Revision history for this message
Brian Murray (brian-murray) wrote :

Tested on Gutsy with the same results.

Changed in linux-source-2.6.22:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Ketil Malde (ketil-ii) wrote :

There's a howto explaining how to install a custom kernel with patch-o-matic here:

  http://www.howforge.com/how-to-install-patch-o-matic-in-ubuntu

Haven't tested it, though.

-k

Revision history for this message
Brian Murray (brian-murray) wrote :

I am assigning this bug to the 'ubuntu-kernel-team' per their bug policy. For future reference you can learn more about their bug policy at https://wiki.ubuntu.com/KernelTeamBugPolicies .

Changed in linux-source-2.6.17:
assignee: nobody → ubuntu-kernel-team
Revision history for this message
Ketil Malde (ketil-ii) wrote :

Apparently, the patch-o-matic tarpit module is bit-rotted and unmaintained. However, there's a new xt_tarpit module that looks promising:

  http://<email address hidden>/7313437.html

An alternative approach might be to setup labrea (apt-get'able) on a virtual machine, and forward malicious traffic to it. That would at least require more state to be kept, so a kernel-level tarpit is preferable.

Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Edgy Eft 6.10 has reached it's end of life. As a result, we are closing the linux-source-2.6.17 Edgy Eft kernel task. However, please note that this report will remain open against the actively developed kernel. Thank you for your continued support and help as we debug this issue.

Changed in linux-source-2.6.17:
status: Confirmed → Incomplete
status: Incomplete → Invalid
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

Hardy Heron 8.04 was recently released. It would be helpful if you could test the new release and verify if this is still an issue - http://www.ubuntu.com/getubuntu/download . You should be able to test your bug using the LiveCD. Please let us know your results. Thanks.

Changed in linux:
status: New → Incomplete
Revision history for this message
Brian Murray (brian-murray) wrote :

I've confirmed this using kernel version 2.6.26-3 on Intrepid.

Changed in linux-source-2.6.22:
status: Triaged → Won't Fix
Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → Low
status: Incomplete → Triaged
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Does anyone know the status of getting this module merged upstream? It looks like the last attempt was from about a year ago. It would be great if this could be merged upstream first rather than the kernel team having to maintain out of tree patches. Thanks.

Changed in linux-source-2.6.17:
status: Invalid → Won't Fix
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are one of two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreicate your help and feedback.

Revision history for this message
Frederic Urban (frederic-urban) wrote :

Well looks like it's not a bug, it's simply not supported anymore in the current ubuntu kernel, there is some patches for every kernel available here:
http://enterprise.bih.harvard.edu/pub/tarpit-updates/

It require to rebuild a whole kernel since i'm to lazy to do it, i'll wait or try on another distribution ;X

Revision history for this message
Launchpad Janitor (janitor) wrote : Kernel team bugs

Per a decision made by the Ubuntu Kernel Team, bugs will longer be assigned to the ubuntu-kernel-team in Launchpad as part of the bug triage process. The ubuntu-kernel-team is being unassigned from this bug report. Refer to https://wiki.ubuntu.com/KernelTeamBugPolicies for more information. Thanks.

Revision history for this message
Jeremy Foshee (jeremyfoshee) wrote :

This bug report was marked as Triaged a while ago but has not had any updated comments for quite some time. Please let us know if this issue remains in the current Ubuntu release, http://www.ubuntu.com/getubuntu/download . If the issue remains, click on the current status under the Status column and change the status back to "New". Thanks.

[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: kj-triage
Changed in linux (Ubuntu):
status: Triaged → Incomplete
Jonathan Davies (jpds)
Changed in linux (Ubuntu):
status: Incomplete → New
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Can anyone provide feedback as to the current status of this getting upstream? The most recent patch seems to be against a much older 2.6.29 kernel (lucid is currently 2.6.32). At the moment, this is not something the Ubuntu kernel team will integrate nor maintain as an out of tree set of patches. This should really get upstream first if it's needed. Setting to Won't Fix for now.

Changed in linux (Ubuntu):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers