Re: LVS Stability Kudos

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS Stability Kudos
From: ratz <ratz@xxxxxx>
Date: Wed, 24 Jan 2001 09:17:05 +0100

Hi Tyrel,

[... a lot of brabbeling ...]

You did a proof-of-concept, this is never clean, so no problem. We
can help you clean up the stuff.

> projects plus I'm currently researching a way to use the "stateful"
> firewalling code (stateful means that it keeps connection information for the
> established connections running through it, thus allowing the firewall to
> defeat stealth scan type attacks as seen by the nmap utility, which btw if

Wrong!!! Stateful packetfiltering doesn't necessarily prevent the TCP/IP
stack from sending out the needed information for fingerprinting or open
ports. Please read the man page of nmap and the passive-fingerprinting
howto from fyodor about this. And, no again, nmap doesn't run stealth
scan type attacks, never did and will never do. If stacks fail due to a
scan they're implemented wrong and should be fixed. If nmap closes your
link, play with the timing. nmap should be part of any security-aware
person, dealing with today's network security.

> you haven't checked out is a bad ass utility which you can d/l from
> www.insecure.org) to allow for a fastest response type scheduling
> algorithm... I don't really see why the code couldn't keep(or allow us to

Well, as far as I see the LVS code, there is already some kind of stateful
connection handling. On the other hand I have to admit that if you fake
sequence numbers and a SYN -> SYN/ACK timeshifted you could fill up the
LVS-table, maybe.

> derive) information about the response time because the netfilter code also
> has the ability to shape bandwidth through an add-on (the complete details

The traffic bandwidth shaping IMHO isn't done by the netfilter code,
it's in the routing and QoS code. Netfilter can hook to the QoS code
and profit from it. But maybe we are also talking about completely
different things ;)

> of which I still need to read up on in the code) but at least it seems
> possible.  Anyhow, I hope you like the code and I know there are many ways in
> which the work I have done can be improved and I would like to see these
> things accomplished.
> 
> Anyway, enough of my babble... here is a list of what comes in the package
> attached to this email...

Hmm, maybe it was too big ...
 
> Anyway, I know that some of this stuff is rough around the edges and maybe
> some stuff is just a plain dirty hack but I would like to see it grow and
> mature, so if you have any suggestions about how I can improve the stuff
> (beyond the normal stuff) I would really be appreciative.  Also I don't have
> any formal education so everything I know I've had to teach myself (I'm only a
> freshman at Chico State and learning to program in Java really doesn't have
> anything to do with this) so if you find any really really stupid errors or
> other stuff I apologize in advance.

;)
 
Best regards,
Roberto Nibali, ratz

-- 
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`

