Re: help: raw_ip socket and system implication

From: Dug Song (dugsongat_private)
Date: Tue Nov 20 2001 - 09:29:14 PST

Next message: Izik: "Re: help: raw_ip socket and system implication"

Previous message: Brian O'Berry: "Re: help: raw_ip socket and system implication"
In reply to: qgiorgiat_private: "help: raw_ip socket and system implication"
Next in thread: Izik: "Re: help: raw_ip socket and system implication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 20, 2001 at 05:36:23PM +0100, qgiorgiat_private wrote:

> so i have 
> -> SYN 
> <- SYN/ACK 
> -> RST ( system part )  :( 
> -> ACK ( my prog ) 
> 
> Does anybody have a mean to prevent the system to send this RST ? 

use libdnet's fw interface to block the incoming SYN/ACK before you
even send your SYN, if your system supports firewalling (via pf, ipf,
ipfw, or ipchains):

	struct fw_rule rule;
	fw_t *fw;

	fw = fw_open();

	memset(&rule, 0, sizeof(rule));
	rule.op = FW_OP_BLOCK;			/* block	*/
	rule.direction = FW_DIR_IN;		/* incoming	*/
	rule.proto = IP_PROTO_TCP;		/* TCP		*/
	rule.sport[1] = TCP_PORT_MAX;		/* any sport	*/
	rule.dport[0] = rule.dport[1] = 666;	/* to dport 666	*/

	fw_add(fw, &rule);

	/* Send SYN from port 666 */
	...

	fw_delete(fw, &rule);
	fw_close(fw);

see http://libdnet.sourceforge.net/ for details...

-d.

---
http://www.monkey.org/~dugsong/

Next message: Izik: "Re: help: raw_ip socket and system implication"
Previous message: Brian O'Berry: "Re: help: raw_ip socket and system implication"
In reply to: qgiorgiat_private: "help: raw_ip socket and system implication"
Next in thread: Izik: "Re: help: raw_ip socket and system implication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 20 2001 - 10:38:52 PST