[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Filtered vs closed
From:       Rusty Russell <rusty () linuxcare ! com ! au>
Date:       2001-01-31 10:29:51
[Download RAW message or body]

In message <20010129141412.B8965@comdyn.com.au> you write:
> Rusty Russell wrote:
> > This week, you can use "-p tcp -j REJECT --reject-with tcp-reset" as
> > well (REJECT the other protocols).  It's going to be pretty easy for
> > nmap to be enhanced to detect these fake RSTs though, so...
> 
> could these fake RSTs be made identical to real ones?
> 
> raf

Look through the RST generation code in the Linux kernel.  That means:
tcp_ipv4.c:tcp_v4_rcv() ->
tcp_ipv4.c:tcp_v4_send_reset() -> 
ip_output.c:ip_send_reply() ->
ip_output.c:ip_build_xmit() ->
ip_output.c:ip_reply_glue_bits()

Think of every case where the RST generated by the above 200+ lines of
complex code is different from my 120+ lines of code in ipt_REJECT.

Sure you found them all?  It only takes one to be different, and
you've lost.

Rusty.
--
Premature optmztion is rt of all evl. --DK

[prev in list] [next in list] [prev in thread] [next in thread]