Vulnerability Development mailing list archives
Re: help: raw_ip socket and system implication
From: Dug Song <dugsong () monkey org>
Date: Tue, 20 Nov 2001 12:29:14 -0500
On Tue, Nov 20, 2001 at 05:36:23PM +0100, qgiorgi () respublica fr wrote:
so i have -> SYN <- SYN/ACK -> RST ( system part ) :( -> ACK ( my prog ) Does anybody have a mean to prevent the system to send this RST ?
use libdnet's fw interface to block the incoming SYN/ACK before you even send your SYN, if your system supports firewalling (via pf, ipf, ipfw, or ipchains): struct fw_rule rule; fw_t *fw; fw = fw_open(); memset(&rule, 0, sizeof(rule)); rule.op = FW_OP_BLOCK; /* block */ rule.direction = FW_DIR_IN; /* incoming */ rule.proto = IP_PROTO_TCP; /* TCP */ rule.sport[1] = TCP_PORT_MAX; /* any sport */ rule.dport[0] = rule.dport[1] = 666; /* to dport 666 */ fw_add(fw, &rule); /* Send SYN from port 666 */ ... fw_delete(fw, &rule); fw_close(fw); see http://libdnet.sourceforge.net/ for details... -d. --- http://www.monkey.org/~dugsong/
Current thread:
- help: raw_ip socket and system implication qgiorgi () respublica fr (Nov 20)
- Re: help: raw_ip socket and system implication Marc Soda (Nov 20)
- RE: help: raw_ip socket and system implication Dom De Vitto (Nov 21)
- Re: help: raw_ip socket and system implication Mordechai Ovits (Nov 20)
- Re: help: raw_ip socket and system implication Brian O'Berry (Nov 20)
- Re: help: raw_ip socket and system implication Dug Song (Nov 20)
- Re: help: raw_ip socket and system implication Izik (Nov 20)
- Re: help: raw_ip socket and system implication Dmitriy Kropivnitskiy (Nov 30)
- Re: help: raw_ip socket and system implication Marc Soda (Nov 20)