Changing your TCP/IP packets before they leave your PPP (Or external interface)...

Patrick Schaaf bof@bof.de
Wed, 16 Jan 2002 07:58:48 +0100


> #1... My actual Eth MAC address is not used. (For now, I shouldn't worry
> since my external interface is a 56K modem/PPP)

ifconfig eth0 hw ether ....

Now you have a _different_ actual eth MAC addr. Make sure it's unique
in your LAN, and you have gained a pseudo-security fuzzy-warm-feeling.

> #2... And my OS/Proxy version and details are not queried from some
> hacker...

This is an application level problem. Your application software sends
out that information, and there's no easy way for iptables to do anything
about it. A solution on the netfilter layer would amount to a protocol
analyzer and manipulator for each application protocol involved.

You can see what's going on easily: learn to use ethereal to SEE the
content of network packets as your applications generate them.

> #3... and in a worst case scenario, I would like to have my PPP interface
> IP # actually reported as a different IP # (spoofing) but spoofed with an
> IP # that is just 1 or 2 numbers higher. Or is this morally wrong to do? ;-)

No, it is just impossible. Your single external IP address is absolutely
necessary for communicating with the outside world - if you change it
in the packet headers, how are reply packets supposed to come back?
Apart from that, the topic is the same as in my answer for your question #2:
if the application protocol puts your IP address in the data part of its
application packets, then you'd have to write a full protocol analyzer and
manipulator for the protocol inside iptables. You don't really want that.

> I know Netfilter well enough to know that it's probably possible to do
> these things

I strongly doubt that you know networking well enough to even start
dabbling with these things. Your questions clearly show that.

> Incidentally, I get into trouble with my firewall because I basically have
> everything opened and I simply close little holes here and there.

That's the wrong way round. Close everything, and carefully open what's
necessary for your applications to work. If in doubt, forget that application.

BTW, please keep your lines down to 75 characters or something. Your mail
is awful to read.

best regards
  Patrick
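
Added example, not part of the original mail: a small audit of iptables-save
output that flags the "everything opened, close little holes" layout the
reply warns against. Both rulesets and the ppp0 interface name are
constructed for illustration.

```python
import re

# Constructed sample: everything open, a few holes closed afterwards.
OPEN_BY_DEFAULT = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp0 -p tcp --dport 23 -j DROP
-A INPUT -i ppp0 -p tcp --dport 111 -j DROP
COMMIT
"""

# Constructed sample: everything closed, only needed traffic opened.
CLOSED_BY_DEFAULT = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

POLICY_RE = re.compile(r"^:(\S+)\s+(ACCEPT|DROP)\b")  # built-in chains only
RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")

def audit(ruleset, inbound_chains=("INPUT", "FORWARD")):
    """Return findings for filter chains that admit traffic by default."""
    policies, rules, table = {}, {}, None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and (m := POLICY_RE.match(line)):
            policies[m.group(1)] = m.group(2)
        elif table == "filter" and (m := RULE_RE.match(line)):
            rules.setdefault(m.group(1), []).append(m.group(2))
    findings = []
    for chain in inbound_chains:
        chain_rules = rules.get(chain, [])
        # A final unconditional DROP/REJECT rule acts like a DROP policy.
        closed = bool(chain_rules) and chain_rules[-1] in ("-j DROP", "-j REJECT")
        if policies.get(chain) != "ACCEPT" or closed:
            continue
        blocking = sum("-j DROP" in r or "-j REJECT" in r for r in chain_rules)
        findings.append(f"{chain}: policy ACCEPT, {blocking} blocking rule(s), "
                        "everything else allowed")
    return findings
```

Feed it the text printed by iptables-save on the firewall itself; an empty
result means INPUT and FORWARD both refuse traffic unless a rule opens it.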