use random sequence number for outgoing low-TTL SYN

2020-10-08 18:12:59 +02:00 · 2020-10-08 18:12:59 +02:00 · b0032c534c
parent 37f02bc2ba
commit b0032c534c
1 changed files with 6 additions and 3 deletions
--- a/tcp_syni.nim
+++ b/tcp_syni.nim
@ -1,6 +1,7 @@
 import asyncfutures, asyncdispatch, asyncnet, strformat
 from net import IpAddress, Port, `$`, `==`, getPrimaryIPAddr, toSockAddr, parseIpAddress
 from nativesockets import SockAddr, Sockaddr_storage, SockLen, setSockOptInt
+from random import randomize, rand
 from sequtils import any
 import asyncutils
 import ip_packet
@ -137,7 +138,9 @@ proc captureAndResendAck(attempt: ConnectAttempt, captureFd: AsyncFD,
  closeSocket(captureFd)
  closeSocket(injectFd)

-proc initPuncher*(): TcpSyniPuncher = TcpSyniPuncher()
+proc initPuncher*(): TcpSyniPuncher =
+  randomize()
+  TcpSyniPuncher()

 proc findConnectAttempt(puncher: TcpSyniPuncher, srcIp: IpAddress,
                        srcPort: Port, dstIp: IpAddress,
@ -277,8 +280,8 @@ proc accept*(puncher: TcpSyniPuncher, srcPort: Port, dstIp: IpAddress,
      let synOut = IpPacket(protocol: tcp, ipAddrSrc: attempt.srcIp,
                            ipAddrDst: attempt.dstIp, ipTTL: 2,
                            tcpPortSrc: attempt.srcPort, tcpPortDst: dstPort,
-                            tcpSeqNumber: 0, tcpAckNumber: 0, tcpFlags: {SYN},
-                            tcpWindowSize: 1452 * 10)
+                            tcpSeqNumber: rand(uint32), tcpAckNumber: 0,
+                            tcpFlags: {SYN}, tcpWindowSize: 1452 * 10)
      await rawFd.injectTcpPacket(synOut)
      for seqNum in attempt.seqNums:
        let synIn = IpPacket(protocol: tcp, ipAddrSrc: attempt.dstIp,