From owner-freebsd-net Mon Oct 28 12:25:43 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0FCF37B401 for ; Mon, 28 Oct 2002 12:25:42 -0800 (PST) Received: from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 907B543E4A for ; Mon, 28 Oct 2002 12:25:42 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from pool0064.cvx22-bradley.dialup.earthlink.net ([209.179.198.64] helo=mindspring.com) by swan.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 186GSD-0006Yq-00; Mon, 28 Oct 2002 12:25:41 -0800 Message-ID: <3DBD9CF9.DCFBC8B0@mindspring.com> Date: Mon, 28 Oct 2002 12:24:25 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: sepehr sohrabi Cc: freebsd-net@freebsd.org Subject: Re: spoofing source code in kernel References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org sepehr sohrabi wrote: > Hi list > Anyone has source code for spoofing (in kernel) for all input Tcp/IP packets > .For any TCP/IP packet recieve it creates an ACK for it . > someThing like spoofing GW > CLIENT <-----> GW <-------> server > connections are spoofed Since the SYN bit has to be set for the initial three-way handshake, blindly ACK'ing isn't going to get you anything. Except maybe ACK's to things you shouldn't be ACK'ing in the first place. On a general note, ACK'ing in the interrupt handler is about the most stupid thing you can possibly do, and it's not going to be any faster. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message