Full Discussion: blocking UDP packet
Post 302302398 by amoeba on Monday 30th of March 2009 10:16:25 PM

I want to deny a particular malicious UDP packet. I can readily identify this packet from the rest by looking at the data section, where data offset 2 is 0xaa, data[5] is 0xbb, etc. Are there any tools or code samples that can do this?

Basically, instead of seeing the packet in the following tcpdump, I want to block it. I started to write a proxy but realized I would need to keep sessions and that's a nightmare. Is there an easier way to do this? The firewalls I've seen only block based on port, not on data payload.


tcpdump -i eth1 'udp[2:1] = 0xaa and udp[5:2] = 0xbbcc'
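
The match the post describes, written as a per-packet verdict function (an added example, not code from the original post). It assumes the offsets are counted from the start of the UDP payload; tcpdump's `udp[n]` counts from the start of the UDP header, so payload byte n is `udp[8+n]`. The function names, ports and addresses are constructed for the example, and handing packets to the function (for instance from a netfilter queue) is left out.

```python
import struct

# Signature from the post, read as offsets into the UDP payload (assumption):
# payload[2] == 0xaa and payload[5:7] == 0xbbcc.
SIGNATURE = ((2, b"\xaa"), (5, b"\xbb\xcc"))
UDP_HEADER_LEN = 8  # tcpdump's udp[n] counts from the header, so payload[n] is udp[8+n]


def verdict(ip_packet: bytes) -> str:
    """Return "DROP" for an IPv4/UDP packet carrying the signature, else "ACCEPT"."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return "ACCEPT"                       # not IPv4, out of scope here
    ihl = (ip_packet[0] & 0x0F) * 4           # IP options shift the UDP header
    if ihl < 20 or ip_packet[9] != 17:        # protocol 17 = UDP
        return "ACCEPT"
    frag = struct.unpack("!H", ip_packet[6:8])[0]
    if frag & 0x1FFF:
        # Non-first fragment: no UDP header present. Apply the filter after
        # reassembly, otherwise a fragmented datagram is never inspected.
        return "ACCEPT"
    payload = ip_packet[ihl + UDP_HEADER_LEN:]
    for offset, expected in SIGNATURE:
        if payload[offset:offset + len(expected)] != expected:
            return "ACCEPT"                   # also covers payloads that are too short
    return "DROP"


def build_packet(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed test input: minimal IPv4+UDP packet (checksums left at 0)."""
    ihl_words = 5 + len(options) // 4
    total = ihl_words * 4 + UDP_HEADER_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options
    udp = struct.pack("!HHHH", 40000, 9999, UDP_HEADER_LEN + len(payload), 0)
    return ip + udp + payload


if __name__ == "__main__":
    bad = build_packet(b"\x00\x00\xaa\x00\x00\xbb\xcc\x00")
    good = build_packet(b"\x00\x00\xaa\x00\x00\xbb\xcd\x00")
    with_opts = build_packet(b"\x00\x00\xaa\x00\x00\xbb\xcc", options=b"\x01" * 4)
    for name, pkt in (("bad", bad), ("good", good), ("bad+options", with_opts)):
        print(name, verdict(pkt))
```

Because the payload offset is derived from the IP header length, the match still holds when IP options are present, which a filter using fixed offsets from the start of the IP packet would miss.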
 
