oan at frozentux.net
Thu Oct 27 12:04:50 CEST 2005
iptables and netfilter will not do the job, unless you are willing to
sacrifice stability and security. The problem is that the strings that
netfilter will see are broken down into smaller pieces. So the string
"iptables and netfilter" might actually be transmitted as "iptables and"
and then "netfilter" in a separate packet. On top of this, people might
try to intentionally break your filters by fragmenting the above string
into "i", "p", "t", ... etc packets.
The good thing to do in this case is to wait until the TCP stream has
reached the application layer and has been reassembled properly. Hence,
you will want to either write your own proxy, or to use someone else's.
If you want to use it, I just uploaded a tunnel/proxy program to
http://www.frozentux.net/stunnel.tgz. This is an unfinished program I
started on a couple of years ago. It is written in C. It is horribly
coded and pretty much sucks, but it has no memory leaks and might serve
as a starting point.
Have a nice day ;).
On Thu, 2005-10-27 at 11:40 +0200, Marcin Giedz wrote:
> On Thursday, 27 October 2005 11:09, Ruprecht Helms wrote:
> > Marcin Giedz wrote:
> > > I don't get it :(
> > > How with tcpdump, as tcpdump is only a traffic-dumping tool - as far as I know it
> > > can't change anything, or am I wrong?
> > You are right. As far as I know it only dumps.
> > What you need is a hex editor, or you are looking for a tool that does
> > hex editing on the fly.
> > But that is off-topic on this list.
> But I really don't know where to start. Perhaps someone did it earlier.
> > Regards,
> > Ruprecht
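The point made above (a packet filter only sees each segment on its own, so a string split across segments is missed, while a proxy that reassembles the stream sees it whole) as an added example; this is constructed illustration code, not part of the post or of the stunnel.tgz program it mentions, and the segment lists are made up:

```python
"""Per-packet string matching versus matching after TCP stream reassembly.

Added example (not from the mailing-list post). Segments are constructed as
(sequence number, payload) pairs to stand in for the packets a filter sees.
"""
from typing import List, Tuple

Segment = Tuple[int, bytes]
PATTERN = b"iptables and netfilter"

# Constructed flow: the string arrives split over two packets, as in the post.
SPLIT_FLOW: List[Segment] = [(0, b"iptables and"), (12, b" netfilter\r\n")]


def per_packet_match(segments: List[Segment], pattern: bytes = PATTERN) -> bool:
    """Packet-filter view: each payload is inspected in isolation, so a
    pattern that straddles a segment boundary is never seen."""
    return any(pattern in payload for _, payload in segments)


def reassemble(segments: List[Segment]) -> bytes:
    """Application-layer view: put segments back in sequence order.
    Overlapping/retransmitted bytes are discarded and a hole (missing
    segment) stops reassembly, since bytes past a hole are not yet usable."""
    stream = b""
    expected = 0
    for seq, payload in sorted(segments):
        if seq < expected:                 # retransmission or overlap
            payload = payload[expected - seq:]
            seq = expected
        if seq > expected:                 # gap: later bytes cannot be trusted yet
            break
        stream += payload
        expected += len(payload)
    return stream


def stream_match(segments: List[Segment], pattern: bytes = PATTERN) -> bool:
    """Proxy view: match only after the stream has been reassembled."""
    return pattern in reassemble(segments)


def one_byte_segments(data: bytes) -> List[Segment]:
    """Constructed worst case from the post: one byte per packet, delivered
    in reverse order. Reassembly still recovers the original bytes."""
    return [(i, data[i:i + 1]) for i in range(len(data))][::-1]


if __name__ == "__main__":
    for name, flow in (("split", SPLIT_FLOW), ("one-byte", one_byte_segments(PATTERN))):
        print(name, "per-packet:", per_packet_match(flow), "reassembled:", stream_match(flow))
```

Both constructed flows carry the full pattern, yet only the reassembled view matches it; this is the false negative the post warns about.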