Vulnerability Development mailing list archives
Re: Retransmissions while blocking TCP Stack's RST?
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 30 Oct 2002 13:42:24 -0800
Actually, it's mildly convenient having the kernel send RSTs for me. Simplifies my network auditor significantly -- receiver doesn't need to send any packets.This doesn't address the issue of keeping the originating machine from trying to take part in the replayed TCP session. The question isn't how to replay the data, it's how to keep the originating host from screwing it up by tearing down the illigitimate connection. One easy way to do this would be to setup iptables to block outbound TCP packets that have the RST flag set (of course, this would mess up replayed data which contains RSTs..but I'm sure you can think of creative solutions for that :)
The definitive way to shut the kernel up is to throw your userspace stack on a different IP, behind a NAT box if necessary.
BTW -- I'm thinking about simple, lower/upper case streams of hex, terminated by newlines, as a nice and hackable datastream for packet input/output. You'd run linkcat in listen mode and get something like
45 10 01 48 bb 0a 40 00 40 06 68 4f 0a 00 01 0b 0a 00 01 0b 0a 00 01 3c ... 45 00 00 28 15 1b 40 00 80 06 cf 6e 0a 00 01 3c 0a 00 01 0b 12 6c 00 16 ......which you could then read using whatever text parser you had handy, modify, and spit back out in equivalent form through linkcat's send mode. Any thoughts? Should I have no spaces by default? Whatcha want?
--Dan www.doxpara.com
Current thread:
- Retransmissions while blocking TCP Stack's RST? Cynic (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? Brad Arlt (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? Jared Stanbrough (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? Bryan Burns (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? Dan Kaminsky (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? Dan Hanson (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? MA (Oct 31)
- Re: Retransmissions while blocking TCP Stack's RST? Jared Stanbrough (Oct 30)
- Re: Retransmissions while blocking TCP Stack's RST? Filipe Almeida (Oct 30)
- <Possible follow-ups>
- RE: Retransmissions while blocking TCP Stack's RST? Cynic (Oct 31)
- Re: Retransmissions while blocking TCP Stack's RST? Cynic (Oct 31)
- Re: Retransmissions while blocking TCP Stack's RST? Brad Arlt (Oct 30)