Firewall Wizards mailing list archives
Re: dirty packet tricks?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 11 Jul 2002 01:45:12 -0400
Barney Wolff wrote:
> Maybe I'm not understanding the problem correctly, but why can't a box with the standard (for FreeBSD) ipfw/natd combo do what you want?
Hmm... if I am able to put myself in the routing path then it's a straightforward problem to solve using the ancient techniques of the firewall transparency masters. ;) What I was thinking of doing was basically implementing the same thing as proxy transparency _without_ having to alter the routing topology of the network or place myself in the routing path as a bridge or whatever. It occurred to me the other day that this might be possible, which is why I am pursuing it at this moment. It'd be kind of cool: you could just tell your firewall "block all packets to XXX" and have this mystery box pick the traffic up, and then application-level proxy it without the end user being able to notice a thing. There are many fun applications for such a capability. ;) One correspondent pointed out to me that the firewall would have to be told not to send resets or unreachables to client machines or my scheme falls over right away. I'd forgotten about that. :(
> If you can't control the inside routing, how could you ever force packets to come to your box in the first place?
That's really the meat of my question. I was thinking that I could suck 'em up promiscuously!! :)

(Thanks to all who have responded directly to me on this thread. I'm having a blast trying to solve this problem and, while nobody has yet handed me an answer on a plate, I'm getting lots of good ideas for how to proceed!)

mjr.
---
Marcus J. Ranum
http://www.ranum.com
Computer and Communications Security
mjr () ranum com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards