Vulnerability Development mailing list archives

Re: help: raw_ip socket and system implication


From: Dug Song <dugsong () monkey org>
Date: Tue, 20 Nov 2001 12:29:14 -0500

On Tue, Nov 20, 2001 at 05:36:23PM +0100, qgiorgi () respublica fr wrote:

> So I have
> -> SYN
> <- SYN/ACK
> -> RST ( system part )  :(
> -> ACK ( my prog )
>
> Does anybody have a means to prevent the system from sending this RST?

use libdnet's fw interface to block the incoming SYN/ACK before you
even send your SYN, if your system supports firewalling (via pf, ipf,
ipfw, or ipchains):

        struct fw_rule rule;
        fw_t *fw;

        fw = fw_open();

        memset(&rule, 0, sizeof(rule));
        rule.op = FW_OP_BLOCK;                  /* block        */
        rule.direction = FW_DIR_IN;             /* incoming     */
        rule.proto = IP_PROTO_TCP;              /* TCP          */
        rule.sport[1] = TCP_PORT_MAX;           /* any sport    */
        rule.dport[0] = rule.dport[1] = 666;    /* to dport 666 */

        fw_add(fw, &rule);

        /* Send SYN from port 666 */
        ...

        fw_delete(fw, &rule);
        fw_close(fw);

see http://libdnet.sourceforge.net/ for details...

-d.

---
http://www.monkey.org/~dugsong/
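
The matching semantics of the rule in the message above, as an added example that is not part of the original post and is not libdnet code: it shows that a rule keyed only on protocol and port ranges drops every inbound TCP segment to port 666 while it is installed, whatever the TCP flags. The names `demo_rule`, `post_rule`, `rule_blocks` and `make_pkt` are hypothetical, and the packets are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the fields the post sets; not libdnet's struct. */
struct demo_rule { uint8_t proto; uint16_t sport[2], dport[2]; };

/* The rule from the post: TCP, any source port, destination port 666. */
struct demo_rule post_rule(void)
{
    /* proto 6 (TCP), sport range 0..65535 (any), dport range 666..666 */
    struct demo_rule r = { 6, { 0, 65535 }, { 666, 666 } };
    return r;
}

/* 1 = inbound packet dropped, 0 = passes,
 * -1 = cannot judge (too short, not IPv4, or a non-first fragment). */
int rule_blocks(const struct demo_rule *r, const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;      /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 4) return -1;    /* need both TCP port fields */
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0) return -1; /* no ports in later fragments */
    if (p[9] != r->proto) return 0;
    int sport = p[ihl] << 8 | p[ihl + 1];
    int dport = p[ihl + 2] << 8 | p[ihl + 3];
    return sport >= r->sport[0] && sport <= r->sport[1] &&
           dport >= r->dport[0] && dport <= r->dport[1];
}

/* Constructed 40-byte IPv4 + TCP sample; addresses and checksums left zero. */
size_t make_pkt(uint8_t *b, uint8_t proto, uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(b, 0, 40);
    b[0] = 0x45; b[3] = 40; b[8] = 64; b[9] = proto; /* v4, IHL 5, len, TTL */
    b[20] = (uint8_t)(sport >> 8); b[21] = (uint8_t)sport;
    b[22] = (uint8_t)(dport >> 8); b[23] = (uint8_t)dport;
    b[32] = 0x50; b[33] = flags;                 /* data offset 5, TCP flags */
    return 40;
}

int main(void)
{
    struct demo_rule r = post_rule();
    uint8_t b[40];
    printf("SYN/ACK to 666: %d\n", rule_blocks(&r, b, make_pkt(b, 6, 80, 666, 0x12)));
    printf("ACK to 666:     %d\n", rule_blocks(&r, b, make_pkt(b, 6, 80, 666, 0x10)));
    printf("SYN/ACK to 667: %d\n", rule_blocks(&r, b, make_pkt(b, 6, 80, 667, 0x12)));
    return 0;
}
```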

