发表新帖
发表新帖

Unwanted RST TCP packet with Scapy

后端 未结
关注
3 1351
没有蜡笔的小新
没有蜡笔的小新 2020-12-01 14:19

In order to understand how TCP works, I tried to forge my own TCP SYN/SYN-ACK/ACK (based on the tutorial: http://www.thice.nl/creating-ack-get-packets-with-scapy/ ).

3条回答
  • 失恋的感觉
    失恋的感觉 (楼主)
    2020-12-01 14:23

    The article you cited makes this pretty clear...

    Since you are not completing the full TCP handshake your operating system might try to take control and can start sending RST (reset) packets, to avoid this we can use iptables:

    iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.20 -j DROP

    Essentially, the problem is that scapy runs in user space, and the linux kernel will receive the SYN-ACK first. The kernel will send a RST because it won't have a socket open on the port number in question, before you have a chance to do anything with scapy.

    The solution (as the blog mentions) is to firewall your kernel from sending a RST packet.

    0 讨论(0)
 看不清?
提交回复
热议问题