Re: question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-10-27 at 12:25 +0200, Marcin Giedz wrote:
> Dnia czwartek, 27 października 2005 12:04, Oskar Andreasson napisał:
> > Hi Marcin,
> >
> > iptables and netfilter will not do the job, unless you are willing to
> > sacrifice stability and security. The problem is that the strings that
> > netfilter will see are broken down into smaller pieces. So the string
> > "iptables and netfilter" might actually be transmitted as "iptables and"
> > and then "netfilter" in a separate packet. On top of this, people might
> > try to intentionally break your filters by fragmenting the above string
> > into "i", "p", "t", ... etc packets.
> >
> > The good thing to do in this case, is to wait until the TCP stream has
> > reached the application layer and has been reassembled properly. Hence,
> > you will want to either write your own proxy, or to use someone elses
> > proxy.
> >
> > If you want to use it, I just uploaded a tunnel/proxy program to
> > http://www.frozentux.net/stunnel.tgz. This is an unfinished program I
> > started on a couple of years ago. It is written in C. It is horribly
> > coded and pretty much sucks, but it has no memory leaks and might serve
> > as a starting point.
> 
> Great!!! Really thanks but I just can't reach your program - above address 
> doesn't work :( Could you please do something or send the program on my 
> private mail.
> 

Sorry about that, I got an urgent task on my desk and forgot to upload
the file:). It's uploaded now. Do note that this is just a very ugly
framework really, you need to do all the parsing etc on your own, and I
have a bad habit of not commenting work in progress projects... =)

> Thanks once again,
> Marcin
> 
> >
> > Have a nice day;).
> >
> > On Thu, 2005-10-27 at 11:40 +0200, Marcin Giedz wrote:
> > > Dnia czwartek, 27 października 2005 11:09, Ruprecht Helms napisał:
> > > > Marcin Giedz wrote:
> > > > > I don't get it :(
> > > > > How with tcpdump as tcpdump is only dump traffic tool - as I know it
> > > > > can't change anything or I'm wrong?
> > > >
> > > > You are right. As I know it only dump.
> > > > What you need is a hexeditor or you are looking for a tool that do
> > > > hexediting in the fly.
> > >
> > > Absolutely!
> > >
> > > > But that is offtopic in this list.
> > >
> > > But I really don't know where to start? Perhaps some did it earlier.
> > >
> > > Marcin
> > >
> > > > Regards,
> > > > Ruprecht

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux