Re: spoofing source code in kernel
On Mon, Oct 28, 2002 at 03:34:58PM +0330, sepehr sohrabi wrote: > Hi list > Anyone has source code for spoofing (in kernel) for all input Tcp/IP > packets .For any TCP/IP packet recieve it creates an ACK for it . > someThing like spoofing GW > CLIENT <-> GW <---> server >connections are spoofed I tkink taht ng_ether is a good point to start for you ! -- _ __ __ / \ | | / / / \ / \ --- Tomasz Paszkowski -- | |\ \| | \ \ |/ \||/ \| === IPv4://3646987138 === IPNg://3ffe:8010:88::2 === /_/ \__/ /_/ \_/ \_/ Shakespeare William: ( 2B | ~ 2B ) = FF === To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
RE: spoofing source code in kernel
From: sepehr sohrabi [mailto:sepehr_soh@;hotmail.com] > > Hi list > Anyone has source code for spoofing (in kernel) for all input > Tcp/IP packets > .For any TCP/IP packet recieve it creates an ACK for it . > someThing like spoofing GW > CLIENT <-> GW <---> server > connections are spoofed > THANX ipfw with a 'fwd' rule will let you do something like this. Run a user-mode application on port X, then do ipfw fwd localhost,X tcp from any to any recv myinterface and any inbound TCP connection will be terminated locally. --don ([EMAIL PROTECTED] www.sandvine.com p2p) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: spoofing source code in kernel
ipfw allows you to catch the connections, but it doesn't enable your application to spoof the proxied connection as if it was coming straight from the client. Baldur On Monday 28 October 2002 15:01, you wrote: > From: sepehr sohrabi [mailto:sepehr_soh@;hotmail.com] > > > Hi list > > Anyone has source code for spoofing (in kernel) for all input > > Tcp/IP packets > > .For any TCP/IP packet recieve it creates an ACK for it . > > someThing like spoofing GW > > CLIENT <-> GW <---> server > > connections are spoofed > > THANX > > ipfw with a 'fwd' rule will let you do something like this. > Run a user-mode application on port X, then do > ipfw fwd localhost,X tcp from any to any recv myinterface > > and any inbound TCP connection will be terminated locally. > > --don ([EMAIL PROTECTED] www.sandvine.com p2p) > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: spoofing source code in kernel
I had two at one stage.. they used two methods. 1/ divert to a daemon that does it... natd has 80% or the logic needed already. 2/ a netgraph node hooked on top of the ethernet interface. Unfortunatly I don't have either any more.. Eventually I figured out that I could use ipfw 'fwd' by forwarding to a dumb proxy. this emant that the tcp session was in fact terminated by the tcp stack in my machine and that emulated tcp perfectly :-) On Mon, 28 Oct 2002, sepehr sohrabi wrote: > Hi list > Anyone has source code for spoofing (in kernel) for all input Tcp/IP packets > .For any TCP/IP packet recieve it creates an ACK for it . > someThing like spoofing GW > CLIENT <-> GW <---> server > connections are spoofed > THANX > > _ > Broadband? Dial-up? Get reliable MSN Internet Access. > http://resourcecenter.msn.com/access/plans/default.asp > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: spoofing source code in kernel
sepehr sohrabi wrote: > Hi list > Anyone has source code for spoofing (in kernel) for all input Tcp/IP packets > .For any TCP/IP packet recieve it creates an ACK for it . > someThing like spoofing GW > CLIENT <-> GW <---> server > connections are spoofed Since the SYN bit has to be set for the initial three-way handshake, blindly ACK'ing isn't going to get you anything. Except maybe ACK's to things you shouldn't be ACK'ing in the first place. On a general note, ACK'ing in the interrupt handler is about the most stupid thing you can possibly do, and it's not going to be any faster. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
