Hi all,

I've got a project that involves marking TCP/IP sessions so that, at the TCP/IP level only (no layer 7 classification), it might be possible to reply to a request in a special way so that the requester will reply in an identifiable way.
Ahm, that's too abstract, here's an example. Let's say that I've got a router. It receives requests from the internet. There is a certain client that connects to a server on the inside of my firewall (passing through the router). The server on my inside tells the router that henceforth, it wants the router to identify all packets coming from the client so that they can be routed to another, special server on the inside (e.g., a honeypot, or a valuable server, it depends on the authentication credentials given to the internal server).

If the client has its own IP, then there's no problem. But what if the client is behind NAT? Or some sort of proxy, SOCKS or squid? Is it possible to mark the router's replies to the client so that the client will reply with similarly marked packets, thus making it possible to identify clients behind NAT? Or am I stuck and I'll just have to go with the IP or with peeling open the packets and looking for the authentication information there? Even that might not help, if the packets are encrypted.

Ideally, what I'm looking for is, if a client has authenticated himself, I can put some extra information into the reply's header such that the client will reply in an identifiable way (e.g., with a related header entry that I can correlate with the mangled header that I sent over to it).

I realize that this may be a fool's errand, just thought I'd ask though, in case there's a way.

Note: the mangling (if that's possible, or whatever other manipulations) will run on a router. The router won't be able to manipulate the packet payload, only the packet headers.

Any suggestions or pointers to readings highly appreciated.

Thanks a lot.

tiger

--
Gerald Timothy Quimpo [EMAIL PROTECTED] [EMAIL PROTECTED]
http://bopolissimus.blogspot.com http://monotremetech.blogspot.com
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"

Doubt is not a pleasant condition, but certainty is absurd.
Voltaire

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

