Vulnerability Development mailing list archives

RE: help: raw_ip socket and system implication


From: "Dom De Vitto" <Dom () DeVitto com>
Date: Wed, 21 Nov 2001 19:26:04 -0000

Hello?
Using filters to block arbitrary traffic is such a bad idea.

If you know what the src or dest ports and addresses are
every time, then _maybe_, but let's hope you never want to send
one of those packets yourself.....

It's much simpler to use a separate IP address and just
'proxy arp' (or route) the traffic to your box, then the host
stack won't interfere with your 'connection'.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Dom De Vitto                               Secure Technologies Ltd 
  mailto:dom () devitto com                       Mob. +44 7855 805 271  
  http://www.devitto.com                       Fax. +44 8700 548 750  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
-----Original Message-----
From: Marc Soda [mailto:marc () aspre net]
Sent: 20 November 2001 16:50
To: qgiorgi () respublica fr
Cc: vuln-dev () securityfocus com
Subject: Re: help: raw_ip socket and system implication


The RST is coming from your own stack, which is not aware of the
connection you're trying to build.  The easiest thing would probably be to
set up a firewall rule to drop RSTs to that box.  Using, for example,
IPTables or IPChains if you're on a Linux box.

On Tue, 20 Nov 2001, qgiorgi () respublica fr wrote:

Hello,

I am trying to figure out a problem I have seen with the
TCP/IP stack of a piece of equipment, but I need some help in
order to finish my C code :) I have read this mailing list
for quite a long time and I am sure there are some
gurus here :))

I successfully emulate a TCP client for the three-way
handshake with a raw-ip socket (with all the TCP options,
seq num etc. I wanted), but when I received the
second packet the system also sent a RST back to the
host I am trying to connect to, since it is, from my system's
point of view, an unsolicited SYN/ACK packet.

So I have
-> SYN 
<- SYN/ACK 
-> RST ( system part )  :( 
-> ACK ( my prog ) 
...

Does anybody have a means to prevent the system from sending
this RST?

Any help will be appreciated :) 

Quentin. 



-- 

Marc Soda
ASPRE, Inc.
marc () aspre net
http://www.aspre.net/
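
Added illustration, not code from any poster in this thread: a simplified C model of why the host stack answers the SYN/ACK with a RST. The stack has no socket for a SYN that went out through a raw socket, so the reply falls under the RFC 793 CLOSED-state rule; a segment addressed to an IP the stack does not own (the separate-address approach) is assumed here never to reach TCP. All names, addresses and ports are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10
/* seg: only the fields the reset rule reads (len = payload bytes).
   stack: addresses the host owns and local ports that have kernel sockets. */
struct seg { uint32_t dst_ip; uint16_t dst_port; uint32_t seq, ack; uint8_t flags; uint16_t len; };
struct stack { const uint32_t *addrs; int naddrs; const uint16_t *ports; int nports; };
enum verdict { NOT_LOCAL, DELIVERED, IGNORED, SEND_RST };

/* What the host stack does with an inbound segment; *rst is filled on SEND_RST. */
enum verdict stack_input(const struct stack *s, const struct seg *in, struct seg *rst)
{
    bool local = false, known = false;
    for (int i = 0; i < s->naddrs; i++) local |= (s->addrs[i] == in->dst_ip);
    if (!local) return NOT_LOCAL;            /* assumption: never handed to TCP */
    for (int i = 0; i < s->nports; i++) known |= (s->ports[i] == in->dst_port);
    if (known) return DELIVERED;             /* a kernel socket owns this port */
    if (in->flags & TH_RST) return IGNORED;  /* a RST is never answered with a RST */
    if (in->flags & TH_ACK) {                /* ACK set: <SEQ=SEG.ACK><CTL=RST> */
        rst->seq = in->ack; rst->ack = 0; rst->flags = TH_RST;
    } else {                                 /* <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK> */
        uint32_t seglen = in->len + !!(in->flags & TH_SYN) + !!(in->flags & TH_FIN);
        rst->seq = 0; rst->ack = in->seq + seglen; rst->flags = TH_RST | TH_ACK;
    }
    return SEND_RST;
}

/* Constructed sample: host owns 192.0.2.1, one socket on port 22; raw SYN used port 40000, ISN 1000. */
enum verdict demo(uint32_t dst_ip, struct seg *rst)
{
    static const uint32_t addrs[] = { 0xC0000201u };
    static const uint16_t ports[] = { 22 };
    struct stack host = { addrs, 1, ports, 1 };
    struct seg synack = { dst_ip, 40000, 5000, 1001, TH_SYN | TH_ACK, 0 };
    *rst = (struct seg){ 0 };
    return stack_input(&host, &synack, rst);
}

int main(void)
{
    struct seg r;
    int own = demo(0xC0000201u, &r);         /* SYN/ACK sent to the host's own address */
    printf("own address: verdict=%d rst.seq=%u\n", own, (unsigned)r.seq);
    return 0;
}
```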



