I’ve decided to try to make a transparent bridge that should drop packets based on some weird rules. I have googled around a bit and couldn’t find any information about what I would like to do. Therefore I am now sending a mail to this mailing list in the hope that someone can either help me or point me in the right direction.

What I want to do is the following: make a transparent bridge that starts dropping ICMP packets that are oversized (malicious ICMP), drops all SYN packets that come from spoofed hosts (non-existent IPs), and drops other obvious malicious traffic.

My problem is not dropping packets (hehe); the problem is dropping packets based on these rules, so that legit ICMP/SYN traffic etc. will not be affected by the rules.

I’ve done some testing with hogwash as a transparent bridge to intercept and block malicious packets. I was, however, not able to use hogwash to drop ICMP/SYN based on the rules clarified above.

If someone could point me in the right direction, or maybe someone has some examples(?), I would be very grateful.

Thanks in advance for any help.

Yours,
Tor Inge Kloumann
Stfu-certified engineer