Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

How to Drop Packet with Hex-String Iptables
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to Drop Packet with Hex-String Iptables

yhuzayhuza Member
edited August 2015 in Help 
17:03:10.274551 IP (tos 0x0, ttl 89, id 6656, offset 0, flags [DF], proto TCP (6), length 52)
    94.73.253.181.57383 > 104.194.219.130.6410: Flags [.], cksum 0x100e (correct), seq 0, ack 1, win 131, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 1a00 4000 5906 6780 5e49 fdb5 68c2
        0x0020:  db82 e027 190a 0000 0000 0000 0001 8010
        0x0030:  0083 100e 0000 0101 080a 077f da37 699f
        0x0040:  815f
17:03:10.274812 IP (tos 0x0, ttl 88, id 5731, offset 0, flags [DF], proto TCP (6), length 52)
    11.200.80.242.55382 > 104.194.219.130.28238: Flags [.], cksum 0xf466 (correct), seq 0, ack 1, win 16616, options [nop,nop,TS val 125819432 ecr 247032168], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 1663 4000 5806 6b62 0bc8 50f2 68c2
        0x0020:  db82 d856 6e4e 0000 0000 0000 0001 8010
        0x0030:  40e8 f466 0000 0101 080a 077f da28 0eb9
        0x0040:  6968
17:03:10.274929 IP (tos 0x0, ttl 90, id 46068, offset 0, flags [DF], proto TCP (6), length 52)
    92.227.88.168.42173 > 104.194.219.130.49430: Flags [.], cksum 0x08c2 (correct), seq 0, ack 1, win 16800, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2
        0x0020:  db82 a4bd c116 0000 0000 0000 0001 8010
        0x0030:  41a0 08c2 0000 0101 080a 077f da37 699f
        0x0040:  815f
17:03:10.275142 IP (tos 0x0, ttl 87, id 20342, offset 0, flags [DF], proto TCP (6), length 52)
    21.253.248.223.61050 > 104.194.219.130.50090: Flags [.], cksum 0x16ae (correct), seq 0, ack 1, win 254, options [nop,nop,TS val 125819432 ecr 247032168], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 4f76 4000 5706 812c 15fd f8df 68c2
        0x0020:  db82 ee7a c3aa 0000 0000 0000 0001 8010
        0x0030:  00fe 16ae 0000 0101 080a 077f da28 0eb9
        0x0040:  6968

I have some log, need find macth packet for working drop its tcp,

can someone helping me for hex-string packet ?

Sorry my gramma not good

Comments

  • tehdantehdan Member

    All packets can be expressed in hex. What are you trying to drop?

  • yhuzayhuza Member

    @tehdan said:
    All packets can be expressed in hex. What are you trying to drop?

    synack. maybe like tcp synack with options, cos its synack atack :( how many time i try macth hex string in log, but no work 100%, inbound still arrive, cant be filter its dude, can you help me, macth the hexstring true for filter that kinds packet

Sign In or Register to comment.