detection of the third tcp packet in a tcp connection setup

Maciej Soltysiak solt@dns.toxicfilms.tv
Thu, 27 Jun 2002 20:57:51 +0200 (CEST)


> Does anyone have a good solution to catch the third (ACK) packet
> in a tcp connection setup?

# iptables -A INPUT -p tcp --tcp-flags ACK ACK -m recent --rcheck \
  --seconds 60 -j LOG --log-prefix "3rd is ack: "

# iptables -A INPUT -p tcp -m state --state NEW --syn -m recent --set -j \
  LOG --log-prefix "1st is syn: "

Wouldn't it work?
First SYN packet triggers the recent module in the second rule.
Second (your) syn/ack goes on your OUTPUT.
Third ACK triggers the first rule.

I am not using recent, and I just made that up from the description.

But it seems reasonable.

Or does it?

Regards,
Maciej
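Added example, not part of Maciej's post: a small Python model of the two INPUT rules above, run over a constructed three-way handshake followed by one data segment, to show which packets the LOG rules would hit. The recent list is modelled as a per-source last-seen timestamp; the client address and packet timings are constructed.

```python
from dataclasses import dataclass

RECENT_SECONDS = 60  # --seconds 60 on the --rcheck rule


@dataclass
class Packet:
    t: float        # arrival time in seconds (constructed)
    src: str        # source address (constructed)
    flags: frozenset  # TCP flags set on the packet
    chain: str      # "INPUT" or "OUTPUT"


def run_rules(packets):
    """Evaluate the two INPUT rules in the order the post appends them.

    LOG is a non-terminating target, so a packet is checked against both
    rules.  Returns (time, src, log_prefix) for every LOG hit.
    """
    recent = {}   # recent-module list: src -> time of last --set
    logged = []
    for p in packets:
        if p.chain != "INPUT":
            continue  # our own SYN/ACK leaves via OUTPUT, never seen here
        # Rule 1: --tcp-flags ACK ACK -m recent --rcheck --seconds 60
        if "ACK" in p.flags:
            seen = recent.get(p.src)
            if seen is not None and p.t - seen <= RECENT_SECONDS:
                logged.append((p.t, p.src, "3rd is ack: "))
        # Rule 2: --state NEW --syn (SYN set, ACK/RST/FIN clear) -m recent --set
        if p.flags == frozenset({"SYN"}):
            recent[p.src] = p.t
            logged.append((p.t, p.src, "1st is syn: "))
    return logged


# Constructed trace: handshake, one data segment, then a late ACK.
CLIENT = "192.0.2.10"
TRACE = [
    Packet(0.00, CLIENT, frozenset({"SYN"}), "INPUT"),          # 1st: SYN
    Packet(0.01, "server", frozenset({"SYN", "ACK"}), "OUTPUT"),  # 2nd: SYN/ACK
    Packet(0.02, CLIENT, frozenset({"ACK"}), "INPUT"),          # 3rd: ACK
    Packet(0.50, CLIENT, frozenset({"PSH", "ACK"}), "INPUT"),   # data segment
    Packet(120.0, CLIENT, frozenset({"ACK"}), "INPUT"),         # outside 60 s
]

if __name__ == "__main__":
    for t, src, prefix in run_rules(TRACE):
        print(f"t={t:6.2f} {prefix}{src}")
```

The model also logs the data segment at t=0.50, because rule 1 matches any ACK-bearing packet from a source that sent a SYN within the last 60 seconds; the ACK at t=120 falls outside the window and is not logged.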