
ian at dsl081-056-052
Aug 1, 2001, 11:17 PM
Re: Packet scans, viruses, etc. -j QUEUE userland code wanted.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 01 August 2001 22:47, David Ford wrote:
> Ok, I've grokked all the emails about using the QUEUE target etc, my
> question is; has anyone actually written anything similar to this yet
> and willing to cough up the code, or are we all inventing this wheel on
> our own?
>
> I need a simple daemon that takes the packets from the kernel,
> reconstructs the email, inspects it, and puts it back on the wire.
>
> Does anyone have this critter already built or in process? Alternatively
> with all the chatter about -j QUEUE, does anyone have template C code to
> play with?

If you just want an example of how to call and use QUEUE look at the man page for libipq. The simple example there is pretty much all you need.

It is trivial to grab the packets, grabbing a complete TCP session (an incoming email delivery) will require that your daemon speak SMTP so that the other side will play ball...you just rewrote sendmail.

I suppose you could sniff the sendmail session until you see something you don't like and then just tear it down by injecting RST's to both ends.

Am thinkink is easier to postprocess mail.

-----BEGIN PGP SIGNATURE-----
Comment: Keeping the world safe for geeks.

iD8DBQE7aPBywBVKl/Nci0oRAojbAJ4wAHYXKZBH82+HJe1ruZ1O3chfqACgmdqH
wqv94F+nFaufmOWRf8Rcn7o=
=dEN9
-----END PGP SIGNATURE-----
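An added example, not part of the original post or of libipq: it shows why inspecting queued packets one at a time is not the same as inspecting the mail, since a pattern that straddles two TCP segments is only visible after the stream is put back in order. It assumes the TCP payloads have already been pulled out of the queued packets; `struct seg`, the function names, the sample payloads and the pattern are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One TCP segment as a userland daemon would see it (hypothetical type). */
struct seg { uint32_t seq; const char *data; size_t len; };
#define SEG(q, s) { (q), (s), sizeof(s) - 1 }

/* Constructed sample: the pattern straddles two segments that arrive out of order. */
static const struct seg SAMPLE[] = {
    SEG(1020, "Pattern: 1\r\n"),
    SEG(1000, "Subject: hi\r\nX-Test-"),
};

/* Per-packet inspection: look for the pattern inside each payload on its own. */
int match_per_packet(const struct seg *s, size_t n, const char *pat)
{
    size_t plen = strlen(pat);
    for (size_t i = 0; i < n; i++)
        for (size_t off = 0; off + plen <= s[i].len; off++)
            if (memcmp(s[i].data + off, pat, plen) == 0)
                return 1;
    return 0;
}

/* Stream inspection: copy each payload to (seq - isn), then search only the
 * contiguous prefix. Returns 1 on match, 0 on none, -1 on error/overflow. */
int match_stream(const struct seg *s, size_t n, uint32_t isn,
                 const char *pat, size_t cap)
{
    char *buf = calloc(cap, 1);
    unsigned char *have = calloc(cap, 1);
    size_t plen = strlen(pat), end = 0;
    int found = 0;
    if (!buf || !have) { free(buf); free(have); return -1; }
    for (size_t i = 0; i < n; i++) {
        uint32_t off = s[i].seq - isn;            /* unsigned wrap is intended */
        if (off > cap || s[i].len > cap - off) { found = -1; goto out; }
        memcpy(buf + off, s[i].data, s[i].len);   /* retransmits just overwrite */
        memset(have + off, 1, s[i].len);
    }
    while (end < cap && have[end]) end++;         /* stop at the first gap */
    for (size_t off = 0; off + plen <= end; off++)
        if (memcmp(buf + off, pat, plen) == 0) { found = 1; break; }
out:
    free(buf); free(have);
    return found;
}

int main(void) { printf("%d %d\n", match_per_packet(SAMPLE, 2, "X-Test-Pattern"), match_stream(SAMPLE, 2, 1000, "X-Test-Pattern", 256)); return 0; }
```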