RE: spoofing source code in kernel

2002-10-28 Thread Don Bowman
From: sepehr sohrabi [mailto:sepehr_soh;hotmail.com]
 
> Hi list
> Anyone has source code for spoofing (in kernel) for all input
> TCP/IP packets.
> For any TCP/IP packet received it creates an ACK for it.
> Something like spoofing GW
> CLIENT - GW --- server
> connections are spoofed
> THANX

ipfw with a 'fwd' rule will let you do something like this.
Run a user-mode application on port X, then do

    ipfw add fwd localhost,X tcp from any to any recv myinterface

and any inbound TCP connection will be terminated locally.

--don ([EMAIL PROTECTED] www.sandvine.com p2p)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-net in the body of the message



Re: spoofing source code in kernel

2002-10-28 Thread Julian Elischer
I had two at one stage..
They used two methods.

1/ divert to a daemon that does it... natd has 80% of the logic needed
already.

2/ a netgraph node hooked on top of the ethernet interface.

Unfortunately I don't have either any more..

Eventually I figured out that I could use ipfw 'fwd'
by forwarding to a dumb proxy. This meant that the tcp session was in
fact terminated by the tcp stack in my machine
and that emulated tcp perfectly :-)

On Mon, 28 Oct 2002, sepehr sohrabi wrote:

> Hi list
> Anyone has source code for spoofing (in kernel) for all input TCP/IP packets.
> For any TCP/IP packet received it creates an ACK for it.
> Something like spoofing GW
> CLIENT - GW --- server
> connections are spoofed
> THANX


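The "dumb proxy" behind an ipfw 'fwd' rule that the two replies above describe, sketched as an added example (not code from either poster or from FreeBSD). It assumes, per ipfw(8), that 'fwd' leaves the packet unmodified so the accepted socket's local address is the destination the client dialled; port 8080 and all function names are constructed.

```python
import socket
import threading

def original_destination(conn):
    # ipfw 'fwd' does not rewrite the packet, so the local address of the
    # accepted socket is the address the client actually dialled.
    return conn.getsockname()[:2]

def pump(src, dst):
    """Copy bytes one way until EOF or error, then half-close the far side."""
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(conn, own_addr, connect=socket.create_connection):
    """Relay one locally terminated connection; return the destination used."""
    dst = original_destination(conn)
    with conn:
        # Loop guard: a client that dialled the proxy itself was not forwarded
        # by ipfw, and relaying it would make the proxy connect to itself.
        if dst == tuple(own_addr):
            return None
        with connect(dst) as upstream:
            back = threading.Thread(target=pump, args=(upstream, conn))
            back.start()
            pump(conn, upstream)   # client -> server
            back.join()            # server -> client finished
    return dst

def serve(port, host="127.0.0.1"):
    """Listen on the address named in the fwd rule (localhost,X)."""
    with socket.create_server((host, port)) as srv:
        own = srv.getsockname()[:2]
        while True:
            conn, _peer = srv.accept()
            threading.Thread(target=handle, args=(conn, own), daemon=True).start()

if __name__ == "__main__":
    serve(8080)  # constructed port standing in for the thread's "X"
```

Both TCP sessions (client to proxy, proxy to server) are ordinary connections handled by the local stack, so the server sees the proxy's address as the source, not the client's.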



Re: spoofing source code in kernel

2002-10-28 Thread Terry Lambert
sepehr sohrabi wrote:
> Hi list
> Anyone has source code for spoofing (in kernel) for all input TCP/IP packets.
> For any TCP/IP packet received it creates an ACK for it.
> Something like spoofing GW
> CLIENT - GW --- server
> connections are spoofed

Since the SYN bit has to be set for the initial three-way handshake,
blindly ACK'ing isn't going to get you anything.  Except maybe ACK's
to things you shouldn't be ACK'ing in the first place.

On a general note, ACK'ing in the interrupt handler is about the
most stupid thing you can possibly do, and it's not going to be any
faster.

-- Terry
