* Re: icmp messages to spoofed address accepted by -m conntrack --ctstate
@ 2004-03-20 0:25 Jim Laurino
2004-03-20 13:06 ` newbie question about kernel networking Saber zrelli
From: Jim Laurino @ 2004-03-20 0:25 UTC
To: netfilter list
Hi,
Well, yes, but my question is not whether
someone is spoofing my ip, but whether
the iptables connection tracking code
should match the icmp packet if there
was no packet sent out.
Will someone explain whether the
match is the expected behavior of this rule,
or if this match is a misuse of the conntrack
module by me.
Or is this possibly a bug in connection tracking?
What is this icmp packet related to?
What established connection does it match?
Could this rule match other protocols?
Could this be a risk?
If it is a bug,
or if no one knows,
I will report it.
I am grateful for the effort that the developers
have put into creating and maintaining iptables,
and I am simply trying to do my part to help
with the maintenance.
By the way, Antony, thanks for the jokes.
I have been trying to recall that last one
for years. It never gets old, only I do.
Jim Laurino
* newbie question about kernel networking
2004-03-20 0:25 icmp messages to spoofed address accepted by -m conntrack --ctstate Jim Laurino
@ 2004-03-20 13:06 ` Saber zrelli
From: Saber zrelli @ 2004-03-20 13:06 UTC
To: netfilter
Hi people,
My question is simple:
If I use some packet injection library like libnet to send a packet from
host A to host B, and libpcap to capture packets and monitor all network
traffic.
Let's say I send a TCP SYN packet (as if my host is establishing a TCP
connection with host B), the host may answer with a SYN packet accepting
my connection, then two possibilities:
1 - the kernel will send an RST packet to host B coz the SYN packet from
host B is assimilated as a connection establishment
request to a nonexistent service.
2 - the libpcap tool I'm using acts as a service and the kernel just
delivers the SYN packet from B to my sniffing tool without
taking any action like in 1.
In case 1 the kernel will generate extra traffic I don't need.
In case 2 it acts transparently.
I think that case 2 is more correct, but I'm not sure.
Any comments greatly appreciated.
Regards.
--
Saber Zrelli
kanazawa university international house
kakuma-machi , kanazawa , Ishikawa
920-1192 Japan.