
Mailing List Archive: iptables: User

Packet scans, viruses, etc. -j QUEUE userland code wanted.


david at blue-labs

Aug 1, 2001, 10:47 PM


Ok, I've grokked all the emails about using the QUEUE target etc, my
question is; has anyone actually written anything similar to this yet
and willing to cough up the code, or are we all inventing this wheel on
our own?

I need a simple daemon that takes the packets from the kernel,
reconstructs the email, inspects it, and puts it back on the wire.

Does anyone have this critter already built or in process? Alternatively
with all the chatter about -j QUEUE, does anyone have template C code to
play with?

Thank you,
David


ian at dsl081-056-052

Aug 1, 2001, 11:17 PM


On Wednesday 01 August 2001 22:47, David Ford wrote:
> Ok, I've grokked all the emails about using the QUEUE target etc, my
> question is; has anyone actually written anything similar to this yet
> and willing to cough up the code, or are we all inventing this wheel on
> our own?
>
> I need a simple daemon that takes the packets from the kernel,
> reconstructs the email, inspects it, and puts it back on the wire.
>
> Does anyone have this critter already built or in process? Alternatively
> with all the chatter about -j QUEUE, does anyone have template C code to
> play with?

If you just want an example of how to call and use QUEUE look at the man page
for libipq. The simple example there is pretty much all you need.

It is trivial to grab the packets, grabbing a complete TCP session (an
incoming email delivery) will require that your daemon speak SMTP so that the
other side will play ball...you just rewrote sendmail.

I suppose you could sniff the sendmail session until you see something you
don't like and then just tear it down by injecting RSTs to both ends.

Am thinkink is easier to postprocess mail.

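
The following C example is an addition to the archived thread, not code from either poster or from libipq. It shows why a verdict taken on each queued packet in isolation misses content that straddles two TCP segments, while in-order reassembly finds it; the helper names, the pattern and the segments are constructed, and it assumes in-order data segments of one direction with no SYN/FIN or retransmission handling.

```c
#include <stdint.h>
#include <string.h>

/* Added example, constructed data; names are hypothetical, not libipq API. */
struct stream { uint32_t next_seq; size_t used; uint8_t buf[2048]; };

/* TCP payload of a raw IPv4 packet (what QUEUE hands over); -1 if malformed. */
int tcp_payload(const uint8_t *p, size_t len, const uint8_t **d, uint32_t *seq) {
    if (len < 40 || (p[0] >> 4) != 4 || p[9] != 6) return -1;
    size_t ihl = (p[0] & 0x0f) * 4u, tot = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;
    const uint8_t *t = p + ihl;
    size_t doff = (t[12] >> 4) * 4u;
    if (doff < 20 || ihl + doff > tot) return -1;
    *seq = ((uint32_t)t[4] << 24) | ((uint32_t)t[5] << 16) | ((uint32_t)t[6] << 8) | t[7];
    *d = t + doff;
    return (int)(tot - ihl - doff);
}

/* Bounded search: payload bytes are not NUL-terminated. */
int contains(const uint8_t *b, size_t n, const char *pat) {
    size_t m = strlen(pat);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(b + i, pat, m) == 0) return 1;
    return 0;
}

/* Append in-order payload, then search. *pkt_hit: this packet alone;
   return: whole stream so far, or -1 on bad packet, gap or overflow. */
int inspect(struct stream *s, const uint8_t *p, size_t len, const char *pat, int *pkt_hit) {
    const uint8_t *d; uint32_t seq;
    int n = tcp_payload(p, len, &d, &seq);
    if (n < 0 || seq != s->next_seq || s->used + (size_t)n > sizeof s->buf) return -1;
    *pkt_hit = contains(d, (size_t)n, pat);
    memcpy(s->buf + s->used, d, (size_t)n);
    s->used += (size_t)n; s->next_seq += (uint32_t)n;
    return contains(s->buf, s->used, pat);
}

/* Build a constructed IPv4+TCP segment: no options, checksums left zero. */
size_t make_segment(uint8_t *out, uint32_t seq, const char *data) {
    size_t n = strlen(data), tot = 40 + n;
    memset(out, 0, 40);
    out[0] = 0x45; out[2] = (uint8_t)(tot >> 8); out[3] = (uint8_t)tot; out[9] = 6;
    for (int i = 0; i < 4; i++) out[24 + i] = (uint8_t)(seq >> (24 - 8 * i));
    out[32] = 0x50; /* TCP data offset: 5 words */
    memcpy(out + 40, data, n);
    return tot;
}
```

Feeding `inspect` two constructed segments that split the pattern between them leaves `*pkt_hit` at 0 for both, while the return value becomes 1 on the second segment.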
