RE: help: raw_ip socket and system implication

From: Dom De Vitto (Dom@DeVitto.com)
Date: 11/21/01


From: "Dom De Vitto" <Dom@DeVitto.com>
To: <vuln-dev@securityfocus.com>
Subject: RE: help: raw_ip socket and system implication
Date: Wed, 21 Nov 2001 19:26:04 -0000
Message-ID: <NDBBJOKICOHGIJLJDFEJEEGFDFAA.Dom@DeVitto.com>

Hello?
Using filters to block arbitrary traffic is such a bad idea.

If you know what the src or dest ports and addresses are
every time, then _maybe_, but let's hope you never want to send
one of those packets yourself.....

It's much simpler to use a separate IP address and just
'proxy arp' (or route) the traffic to your box, then the host
stack won't interfere with your 'connection'.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Dom De Vitto Secure Technologies Ltd
  mailto:dom@devitto.com Mob. +44 7855 805 271
  http://www.devitto.com Fax. +44 8700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: Marc Soda [mailto:marc@aspre.net]
Sent: 20 November 2001 16:50
To: qgiorgi@respublica.fr
Cc: vuln-dev@securityfocus.com
Subject: Re: help: raw_ip socket and system implication

The RST is coming from your own stack, which is not aware of the
connection you're trying to build. The easiest thing would probably be to
set up a firewall rule to drop RSTs to that box. Using, for example,
IPTables or IPChains if you're on a Linux box.

On Tue, 20 Nov 2001, qgiorgi@respublica.fr wrote:

> hello,
>
> I am trying to figure out a problem I have seen with a
> tcp/ip stack of a piece of equipment, but I need some help in
> order to finish my C code :) I have read this mailing-list
> for quite a long time and I am sure there are some
> gurus here :))
>
> I successfully emulate a tcp client for the three-way
> handshake with a raw-ip socket (with all the tcp options,
> seq num etc. I wanted), but when I receive the
> second packet the system also sends a RST back to the
> host I am trying to connect to, which is, from my system's
> point of view, an unsolicited SYN/ACK packet.
>
> so I have
> -> SYN
> <- SYN/ACK
> -> RST ( system part ) :(
> -> ACK ( my prog )
> ...
>
> Does anybody have a means to prevent the system from sending
> this RST?
>
> Any help will be appreciated :)
>
> Quentin.

-- 

Marc Soda ASPRE, Inc. marc@aspre.net http://www.aspre.net/
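
Added example (not code from any poster in this thread): one way to apply
the firewall-rule suggestion while limiting the over-blocking objection
raised in the reply, by matching only outbound RSTs for a single 4-tuple
and removing the rule when the test program exits. Assumes Linux iptables,
root and IPv4; the function names are hypothetical and the 192.0.2.x
addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Scope the "drop RST" filter to one connection and undo it afterwards,
# so the host stack behaves normally for every other flow.

# Print the iptables rule spec for outbound RSTs on one 4-tuple.
# Args: local_ip local_port peer_ip peer_port. Returns 2 on bad input.
rst_rule_spec() {
    [ "$#" -eq 4 ] || return 2
    for ip in "$1" "$3"; do
        # IPv4 digits and dots only; this also keeps the spec safe to word-split.
        case "$ip" in ''|*[!0-9.]*) return 2 ;; esac
    done
    for port in "$2" "$4"; do
        case "$port" in ''|*[!0-9]*) return 2 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    done
    printf '%s' "-p tcp -s $1 --sport $2 -d $3 --dport $4 --tcp-flags RST RST -j DROP"
}

# Install the rule, run the given command, then always remove the rule.
# Args: local_ip local_port peer_ip peer_port command [args...]
with_rst_suppressed() {
    spec=$(rst_rule_spec "$1" "$2" "$3" "$4") || {
        echo "invalid 4-tuple" >&2
        return 2
    }
    shift 4
    # $spec is intentionally unquoted: it is a validated argument list.
    iptables -A OUTPUT $spec || return 1
    trap 'iptables -D OUTPUT $spec; exit 130' INT TERM
    rc=0
    "$@" || rc=$?
    trap - INT TERM
    iptables -D OUTPUT $spec
    return "$rc"
}

# Run only when called with a 4-tuple and a command, e.g. (constructed values):
#   ./rst_scope.sh 192.0.2.10 40000 192.0.2.20 80 ./my_raw_client
if [ "$#" -ge 5 ]; then
    with_rst_suppressed "$@"
fi
```

The raw-socket program has to use the same fixed source port given here,
otherwise the kernel's RST will not match the rule.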


