Honeypots mailing list archives

Re: Stop process


From: Todd MacDermid <tmacd () synacklabs net>
Date: Thu, 27 May 2004 19:55:52 -0400

There are a couple of ways you could do something like this.

First, you could use a proxy IP, ARPing for that IP address, and
forwarding any packets you want to your local machine. Rewrite the
source IP address to appear as if it is coming from the proxy
IP, and the dest to be the host's real IP.

Or, if you have a built-in firewall, you could update the rules to block
inbound (or outbound) responses. Then reinjecting the packets becomes
a matter of writing "beyond" the firewall, through raw ethernet writes
or the like.

I've actually written a library that does this kind of thing, BSD
license. The name is Packet Purgatory, and it's located at 
http://www.synacklabs.net/projects/packetp/

I haven't tested it on Windows, but it uses libpcap and libdnet, which
are portable, so hopefully porting issues would be minimal.

Todd

On Thu, May 27, 2004 at 02:11:00PM +0200, King Kong <kingkong21 () arcor de> stated:
Hi all,

I am a newbie so maybe this is a stupid question.
I am writing my own honeypot for Windows. So far so good, but when I try to
send back my data packets, an answer from my Windows has already been made.
The packets (Blaster) arrive on port 135 on my machine. What processes do I
have to stop, and how do I stop them, so that my OS does not automatically send
any reply? I am using Windows (XP, 2000, 98).

Thanks in advance
KingKong
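
The address rewrite from the first approach in the reply above, as an added example that is not part of the original thread and not code from Packet Purgatory: changing the source and destination of a forwarded IPv4/TCP packet invalidates both the IP header checksum and the TCP checksum (its pseudo-header covers the addresses), so both must be recomputed. The function names, the 192.0.2.0/24 addresses and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample: IPv4/TCP SYN to port 135, checksum fields left zero. */
static const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x0a, 0xc0,0x00,0x02,0x32,            /* src, dst */
    0x04,0xd2,0x00,0x87, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00 };
/* Add a buffer to a running 16-bit one's-complement sum (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
/* TCP checksum: pseudo-header (addresses, protocol 6, length) + segment. */
static uint16_t tcp_sum(const uint8_t *ip, size_t ihl, size_t seg) {
    return fold(sum16(ip + ihl, seg, sum16(ip + 12, 8, 6 + (uint32_t)seg)));
}
/* Rewrite both addresses of an unfragmented IPv4/TCP packet in place and
   recompute both checksums. Returns 0, or -1 if the packet is rejected. */
int proxy_rewrite(uint8_t *pkt, size_t len, const uint8_t src[4], const uint8_t dst[4]) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, total = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || total > len || total < ihl + 20 || pkt[9] != 6) return -1;
    if ((pkt[6] & 0x3f) || pkt[7]) return -1;   /* fragment: no full segment */
    memcpy(pkt + 12, src, 4);
    memcpy(pkt + 16, dst, 4);
    uint8_t *tcp = pkt + ihl;
    pkt[10] = pkt[11] = tcp[16] = tcp[17] = 0;  /* zero before summing */
    uint16_t c = fold(sum16(pkt, ihl, 0));
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    c = tcp_sum(pkt, ihl, total - ihl);
    tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
    return 0;
}
int main(void) {
    /* Assumed addresses: proxy IP as new source, host's real IP as new dest. */
    const uint8_t proxy[4] = {192,0,2,50}, host[4] = {192,0,2,20};
    uint8_t pkt[40];
    memcpy(pkt, sample_syn, sizeof pkt);
    int rc = proxy_rewrite(pkt, sizeof pkt, proxy, host);
    printf("rc=%d ip=%02x%02x tcp=%02x%02x\n", rc, pkt[10], pkt[11], pkt[36], pkt[37]);
    return 0;
}
```

Summing a header or segment with its checksum field in place must fold to zero, which is the check a receiving stack applies before accepting the rewritten packet.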


