Date: Thu, 19 Oct 2000 15:24:03 -0600 (MDT)
From: Nate Williams <nate@yogotech.com>
To: Guy Helmer <ghelmer@cs.iastate.edu>
Cc: Nate Williams <nate@yogotech.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: IPFW bug/incoming TCP connections being let in.
Message-ID: <200010192124.PAA25574@nomad.yogotech.com>
In-Reply-To: <Pine.HPX.4.05.10010191605510.7292-100000@popeye.cs.iastate.edu>
References: <200010192029.OAA25357@nomad.yogotech.com> <Pine.HPX.4.05.10010191605510.7292-100000@popeye.cs.iastate.edu>
> > I had blocked incoming TCP connections coming into my network using
> > IPFW, and I noticed that my brother was able to establish a Napster
> > connection, even though I had blocked it earlier.
> >
> > I thought, no worries, I'll just block it at the port level.
> >
> > I read a couple of articles, and noted that connections from 8888 to the
> > server should be blocked.
> >
> > Easy enough, I'll just block my clients from establishing connections to
> > port 8888.
> >
> > Unfortunately, that doesn't work. Looking at tcpdump output, the
> > 'server' appears to initiate a TCP connection from 8888 -> some random
> > port. My firewall rules do *NOT* allow incoming TCP connections to be
> > made to internal machines, since they only allow 'setup' packets to go
> > out.
> >
> > So, how can Napster work? What happened to the 3-way handshake? I
> > could see an issue if the OS's were hacked to get around this and not
> > require a 3-way handshake, but the client in this case is a Win98 box.
>
> The remote napster client sends a message through the central Napster
> server, which relays the message to your Napster client to tell your
> machine to make a connection to the remote machine.

This much I understand. However, I'm not making any downloads, so my
client isn't (yet) connecting to another client. I'm trying to block
connections to the server.

How is the client connecting to the server? I don't see *any* TCP setup
packets being sent out by my client, so how is the client communicating
with the server via TCP? (I *AM* seeing TCP packets being sent out, but
they are being sent as 'established' connections, before a setup packet
is being sent.)

> The regular 3-way handshake is occurring. It's just not initiated by the
> machine you would expect.

The only way my client can work is if it initiates the connection, but I
don't see it initiating a connection to port 8888. So, how then is the
Napster server at port 8888 communicating with my client?

> You'd have to block outgoing SYNs to any outside host at port 8888 (but
> anyone who knows anything about ports could change their port number and
> get around your block).

That was what I did, but the rule is never being hit. However, there
appears to be a connection from my client to port 8888 on the server.


Nate
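Added example, not part of the original thread or of ipfw itself: a small model of the stateless flag tests behind ipfw's 'setup' (SYN set, ACK clear) and 'established' (ACK or RST set) keywords, run over a constructed packet trace shaped like what Nate reports: a server-side port 8888 talking to a high port on the client, and client packets that carry ACK before any SYN ever went out. The ruleset text, the addresses, the port numbers other than 8888 and the packet sequence are all assumptions made for illustration; the thread does not settle what Napster actually did on the wire. The point the model makes is that a stateless 'established' match passes any packet with ACK or RST set regardless of whether a handshake the rules allowed ever happened, so an outbound deny on 'setup' to 8888 is never consulted for those packets. A flow-tracking variant is included beside it to show what closes that gap.

```python
"""
Model of stateless ipfw-style 'setup'/'established' matching versus a
flow-tracking check. Added example; rule text, addresses and the packet
trace are constructed and hypothetical.
"""
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

# TCP control bits from RFC 793 (low byte of the flags field).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

INSIDE_NET = "10.0.0."     # assumed internal network prefix (hypothetical)
NAPSTER_PORT = 8888        # the server port discussed in the thread


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def is_setup(p: Packet) -> bool:
    """ipfw 'setup': SYN set and ACK clear, i.e. the first handshake packet."""
    return bool(p.flags & SYN) and not (p.flags & ACK)


def is_established(p: Packet) -> bool:
    """ipfw 'established': ACK or RST set. A flag test only, no state kept."""
    return bool(p.flags & (ACK | RST))


def is_outbound(p: Packet) -> bool:
    return p.src.startswith(INSIDE_NET) and not p.dst.startswith(INSIDE_NET)


def stateless_verdict(p: Packet) -> Tuple[str, str]:
    """
    Stateless ruleset in the spirit of the one Nate describes (hypothetical):
      allow tcp from any to any established
      deny  tcp from any to any 8888 setup out
      allow tcp from inside to any setup out
      deny  tcp from any to any
    Returns (verdict, name of the rule that matched).
    """
    if is_established(p):
        return "allow", "established"
    if is_setup(p) and is_outbound(p) and p.dport == NAPSTER_PORT:
        return "deny", "deny-8888-setup"
    if is_setup(p) and is_outbound(p):
        return "allow", "setup-out"
    return "deny", "default-deny"


class StatefulFilter:
    """
    Same rule order, but 'established' is replaced by a flow-table lookup:
    non-setup packets pass only if their flow began with an allowed
    outbound setup packet. RST tears the flow entry down.
    """

    def __init__(self) -> None:
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def verdict(self, p: Packet) -> Tuple[str, str]:
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if key in self.flows or reverse in self.flows:
            if p.flags & RST:
                self.flows.discard(key)
                self.flows.discard(reverse)
            return "allow", "known-flow"
        if is_setup(p) and is_outbound(p) and p.dport == NAPSTER_PORT:
            return "deny", "deny-8888-setup"
        if is_setup(p) and is_outbound(p):
            self.flows.add(key)
            return "allow", "setup-out"
        return "deny", "default-deny"


# Constructed trace (not a real capture), shaped like the thread's report.
CLIENT, SERVER, WEB = INSIDE_NET + "5", "203.0.113.10", "198.51.100.20"
TRACE: List[Packet] = [
    Packet(SERVER, NAPSTER_PORT, CLIENT, 1025, SYN),        # server -> random port
    Packet(SERVER, NAPSTER_PORT, CLIENT, 1025, SYN | ACK),  # server-side ACK packet
    Packet(CLIENT, 1025, SERVER, NAPSTER_PORT, ACK),        # client: ACK, no prior setup
    Packet(CLIENT, 1025, SERVER, NAPSTER_PORT, PSH | ACK),  # client data, still no setup
    Packet(CLIENT, 1026, SERVER, NAPSTER_PORT, SYN),        # a genuine setup to 8888
    Packet(CLIENT, 1027, WEB, 80, SYN),                     # ordinary outbound connect
    Packet(WEB, 80, CLIENT, 1027, SYN | ACK),               # its legitimate reply
]


def run(trace: List[Packet], verdict: Callable[[Packet], Tuple[str, str]]):
    return [verdict(p) for p in trace]


def stateless_results() -> List[Tuple[str, str]]:
    return run(TRACE, stateless_verdict)


def stateful_results() -> List[Tuple[str, str]]:
    return run(TRACE, StatefulFilter().verdict)


if __name__ == "__main__":
    for p, s, f in zip(TRACE, stateless_results(), stateful_results()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} flags=0x{p.flags:02x} "
              f"stateless={s} stateful={f}")
```

Running the trace through the stateless rules, packets 2 through 4 are all passed by the 'established' rule and the 'deny ... 8888 setup' rule only fires for packet 5, the one honest SYN to 8888, which is consistent with a port-8888 deny that is "never being hit" while traffic to 8888 is visibly flowing. The flow-tracking variant denies the same ACK-bearing packets because no allowed outbound setup preceded them, while the ordinary web connection still works in both directions.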