Re: unclean match
On Tue, Aug 20, 2002 at 02:46:25PM +0200, Michael Kreilmeier wrote:
> well, that's kind of what I thought.
> Does this module make it unnecessary to filter out any bad combination
> of tcp-flags the classic way?
you should really read the source:
/usr/src/linux/net/ipv4/netfilter/ipt_unclean.c
it filters for example...
/* CHECK: TCP ports non-zero */
if (!tcph->source || !tcph->dest) {
limpk("Zero TCP ports %u/%u.\n",
htons(tcph->source), htons(tcph->dest));
return 0;
}
/* CHECK: TCP reserved bits zero. */
if(tcp_flag_word(tcph) & TCP_RESERVED_BITS) {
limpk("TCP reserved bits not zero\n");
return 0;
}
/* CHECK: TCP flags. */
tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR));
if (tcpflags != TH_SYN
&& tcpflags != (TH_SYN|TH_ACK)
&& tcpflags != TH_RST
&& tcpflags != (TH_RST|TH_ACK)
&& tcpflags != (TH_RST|TH_ACK|TH_PUSH)
&& tcpflags != (TH_FIN|TH_ACK)
&& tcpflags != TH_ACK
&& tcpflags != (TH_ACK|TH_PUSH)
&& tcpflags != (TH_ACK|TH_URG)
&& tcpflags != (TH_ACK|TH_URG|TH_PUSH)
&& tcpflags != (TH_FIN|TH_ACK|TH_PUSH)
&& tcpflags != (TH_FIN|TH_ACK|TH_URG)
&& tcpflags != (TH_FIN|TH_ACK|TH_URG|TH_PUSH)) {
limpk("TCP flags bad: %u\n", tcpflags);
return 0;
}
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!