Matus,

On Wed, Oct 31, 2007 at 02:21:04AM +0100, Matus Harvan wrote:
> On Tue, Oct 30, 2007 at 09:04:11PM +0100, Jeremie Le Hen wrote:
> > I can think of a possible implementation of mtund(8) without kernel
> > patching. The next pf(4) import from OpenBSD will likely allow logging
> > to some particular pflog(4) interface (instead of the default pflog0).
> >
> > It will then be possible to create a couple of rules matching one or
> > more ranges of ports and logging to, say, pflog1. Reading on the
> > latter, mtund(8) will immediately open a socket bound to the
> > corresponding port. This is a kind of port knocking. Thanks to the TCP
> > retransmission algorithm or mtunc(1)'s cleverness in case of a UDP socket,
> > the second packet should hit mtund(8).
> >
> > One downside is that it requires a bunch of configuration in pf.conf(5),
> > so it may not be as straightforward to set up as one may have expected.
> >
> > I don't know TCP internals; it may affect TCP slow start or have some
> > other minor drawbacks. But hey, we're talking about bypassing firewalls
> > :-)...
>
> If an RST packet is generated in response to the first TCP SYN packet,
> then the firewall, which we're trying to pass, might decide that the
> port in question is closed and delete/modify the state for the TCP
> connection. If the RST packet hits the sender of the SYN packet then
> there might be no retransmission as the sender would think the TCP
> port is closed.
Yes, sorry. When I was writing this email I had in mind that we need to use the blackhole functionality, but I forgot to mention it.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
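The combination the two messages converge on, as an added illustration that is not from the thread or the mtun project: a pf rule that logs the first packet for the watched ports to a dedicated pflog interface, plus the blackhole sysctls that keep the endpoint from answering with an RST before mtund(8) has bound the port. The interface name, the pflog1 interface and the port range are assumptions.

```conf
# Added illustration, not from the thread or the mtun project.
# Interface name, pflog1 and the port range are assumptions.

# /etc/pf.conf: rules for the "knock" ports on the tunnel endpoint
ext_if = "em0"
knock_ports = "{ 20000:20100 }"

# Log the first packet of each flow for the watched ports to pflog1;
# mtund(8) would read pflog1 and bind the matching port. The packet is
# still handed to the stack, where nothing listens yet, so the kernel's
# reply (RST or ICMP unreachable) is governed by the sysctls below.
pass in quick log (to pflog1) on $ext_if proto { tcp udp } \
    from any to ($ext_if) port $knock_ports keep state

# /etc/sysctl.conf: do not answer connection attempts to ports that have
# no socket yet. Without this the RST reaches the stateful firewall in
# between (which may drop its state) and the client (which stops
# retransmitting), so the retransmitted SYN never meets the new socket.
# tcp.blackhole: 1 drops SYNs to closed ports silently, 2 drops any
# segment to a closed port silently.
net.inet.tcp.blackhole=2
# udp.blackhole: 1 suppresses ICMP port unreachable for closed UDP ports.
net.inet.udp.blackhole=1
```

Only the first packet of a flow is logged because the rule keeps state, which is all mtund(8) needs to learn which port to open.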