Date:      Thu, 19 Oct 2000 15:24:03 -0600 (MDT)
From:      Nate Williams <nate@yogotech.com>
To:        Guy Helmer <ghelmer@cs.iastate.edu>
Cc:        Nate Williams <nate@yogotech.com>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: IPFW bug/incoming TCP connections being let in.
Message-ID:  <200010192124.PAA25574@nomad.yogotech.com>
In-Reply-To: <Pine.HPX.4.05.10010191605510.7292-100000@popeye.cs.iastate.edu>
References:  <200010192029.OAA25357@nomad.yogotech.com> <Pine.HPX.4.05.10010191605510.7292-100000@popeye.cs.iastate.edu>

> > I had blocked incoming TCP connections coming into my network using
> > IPFW, and I noticed that my brother was able to establish a Napster
> > connection, even though I had blocked it earlier.
> > 
> > I thought, no worries, I'll just block it at the port level.
> > 
> > I read a couple of articles, and noted that connections from 8888 to the
> > server should be blocked.
> > 
> > Easy enough, I'll just block my clients from establishing connections to
> > port 8888.
> > 
> > Unfortunately, that doesn't work.  Looking at tcpdump output, the
> > 'server' appears to initiate a TCP connection from 8888 -> some random
> > port.  My firewall rules do *NOT* allow incoming TCP connections to be
> > made to internal machines, since they only allow 'setup' packets to go
> > out.
> > 
> > So, how can Napster work?  What happened to the 3-way handshake?  I
> > could see an issue if the OSes were hacked to get around this and not
> > require a 3-way handshake, but the client in this case is a Win98 box.
> 
> The remote napster client sends a message through the central Napster
> server, which relays the message to your Napster client to tell your
> machine to make a connection to the remote machine.

This much I understand.  However, I'm not making any downloads, so my
client isn't (yet) connecting to another client.  I'm trying to block
connections to the server.  How is the client connecting to the server?
I don't see *any* TCP setup packets being sent out by my client, so how
is the client communicating with the server via TCP?

(I *AM* seeing TCP packets being sent out, but they are being sent as
'established' connections, before a setup packet is being sent.)

> The regular 3-way handshake is occurring.  It's just not initiated by the
> machine you would expect.

The only way my client can work is if it initiates the connection, but I
don't see it initiating a connection to port 8888.

So, how then is the Napster server at port 8888 communicating with my client?

> You'd have to block outgoing SYNs to any
> outside host at port 8888 (but anyone who knows anything about ports could
> change their port number and get around your block).

That was what I did, but the rule is never being hit.  However, there
appears to be a connection from my client to port 8888 on the server.

Nate
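As an added example (not part of this thread or of ipfw itself), a small Python script that classifies captured packets using ipfw's own keyword definitions (setup = SYN without ACK; established = ACK or RST set) and groups them into flows, so a capture like the one described above can be checked for which side actually sent the setup packet, and for flows where no setup packet was seen at all. The capture format, addresses and ports are constructed for the example.

```python
import re
from collections import OrderedDict

# Constructed sample capture in a simplified tcpdump-like form:
#   "<src>.<sport> > <dst>.<dport>: Flags [<flags>]"   S = SYN, . = ACK, P = PSH, R = RST
# 192.0.2.10 plays the internal client, 198.51.100.7:8888 the server (placeholder addresses).
SAMPLE_CAPTURE = """\
192.0.2.10.1035 > 198.51.100.7.8888: Flags [S]
198.51.100.7.8888 > 192.0.2.10.1035: Flags [S.]
192.0.2.10.1035 > 198.51.100.7.8888: Flags [.]
198.51.100.7.8888 > 192.0.2.10.1035: Flags [P.]
203.0.113.9.6699 > 192.0.2.10.1040: Flags [.]
203.0.113.9.6699 > 192.0.2.10.1040: Flags [P.]
"""

LINE_RE = re.compile(r"^(\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")


def ipfw_class(flags):
    """Classify one packet the way ipfw's 'setup' and 'established' keywords do."""
    syn, ack, rst = "S" in flags, "." in flags, "R" in flags
    if syn and not ack:
        return "setup"          # first packet of a 3-way handshake
    if ack or rst:
        return "established"    # includes the SYN-ACK reply and every later packet
    return "other"


def analyze(capture):
    """Group packets into flows and record which endpoint (if any) sent the setup packet."""
    flows = OrderedDict()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        a, b = f"{src}:{sport}", f"{dst}:{dport}"
        key = tuple(sorted((a, b)))      # direction-independent flow key
        flow = flows.setdefault(key, {"initiator": None, "classes": []})
        cls = ipfw_class(flags)
        flow["classes"].append(cls)
        if cls == "setup" and flow["initiator"] is None:
            flow["initiator"] = a
    return flows


def flows_without_setup(capture):
    """Flows seen only as 'established' traffic: the handshake was never captured,
    or packets are reaching the inside without any setup packet passing the firewall."""
    return [key for key, flow in analyze(capture).items() if flow["initiator"] is None]
```

Run over a real capture, the initiator field tells you which endpoint a "setup"-matching deny rule would have to be written against, and the second function lists the flows that deserve a closer look.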
