blocking UDP packet


 
# 1  
Old 03-30-2009

I want to deny a particular malicious UDP packet. I can readily identify this packet from the rest by looking at the data section, where data offset 2 is 0xaa, data[5] is 0xbb, etc. Are there any tools or code samples that can do this?

Basically, instead of seeing the packet in the following tcpdump, I want to block it. I started to write a proxy but realized I would need to keep sessions and that's a nightmare. Is there an easier way to do this? The firewalls I've seen only block based on port, not on data payload.


tcpdump -i eth1 udp[2:1] = 0xaa and udp[5:2] = 0xbbcc
# 2  
Old 04-05-2009
Hey, from my understanding of how TCPDump and IPTables work, below is the path.

Internet > NIC > TCPDump > IPTables > Local System

Thus, blocking packets with IPTables will not stop them from showing in TCPDump.

Hope this helps!
# 3  
Old 04-06-2009
Correct, you will need to block the UDP traffic before it hits the local NIC, preferably via the nearest router or some IPS, if available.
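An added example, not code from any poster in this thread: the payload test described in the question, written as the check an inline filter or IPS rule would have to make on each IPv4 packet. tcpdump's `udp[...]` is indexed from the start of the 8-byte UDP header, so payload offset 2 is `udp[10]`; `bpf_filter()` builds the expression with that shift. The function names, the sample addresses and ports, and the reading of the signature as payload offsets (data[2] = 0xaa, data[5:7] = 0xbbcc) are assumptions.

```python
import struct

UDP_HDR_LEN = 8
# Signature from the question, read as payload offsets (assumption).
SIGNATURE = [(2, b"\xaa"), (5, b"\xbb\xcc")]

def payload_matches(payload, signature=SIGNATURE):
    """True if every (offset, bytes) pair is present; short payloads never match."""
    return all(payload[off:off + len(val)] == val for off, val in signature)

def bpf_filter(signature=SIGNATURE):
    """tcpdump expression for the signature; sizes must be 1, 2 or 4 bytes."""
    terms = []
    for off, val in signature:
        # Shift by the UDP header length: udp[] counts from the header start.
        terms.append("udp[%d:%d] = 0x%s" % (off + UDP_HDR_LEN, len(val), val.hex()))
    return " and ".join(terms)

def should_drop(ip_packet):
    """Classify one raw IPv4 packet (no link-layer header)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return False
    ihl = (ip_packet[0] & 0x0F) * 4           # IP header length, options included
    if ihl < 20 or ip_packet[9] != 17:        # protocol 17 = UDP
        return False
    frag_off = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_off != 0:                         # later fragment: no UDP header here
        return False
    udp = ip_packet[ihl:]
    if len(udp) < UDP_HDR_LEN:
        return False
    return payload_matches(udp[UDP_HDR_LEN:])

def build_packet(payload, ip_options=b""):
    """Constructed sample IPv4/UDP packet (checksums left at zero)."""
    ihl_words = 5 + len(ip_options) // 4
    total = ihl_words * 4 + UDP_HDR_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + ip_options
    udp = struct.pack("!HHHH", 40000, 5000, UDP_HDR_LEN + len(payload), 0)
    return ip + udp + payload
```

The fragment and IP-options checks matter for any payload-offset rule: a fixed offset from the start of the IP packet misses the signature when options are present, and a non-first fragment carries no UDP header to index from.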