From b0032c534c8ac6e2c82cfd5725a73653bb7c1971 Mon Sep 17 00:00:00 2001 From: Christian Ulrich Date: Thu, 8 Oct 2020 18:12:59 +0200 Subject: [PATCH] use random sequence number for outgoing low-TTL SYN --- tcp_syni.nim | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tcp_syni.nim b/tcp_syni.nim index e74e6b3..82cca21 100644 --- a/tcp_syni.nim +++ b/tcp_syni.nim @@ -1,6 +1,7 @@ import asyncfutures, asyncdispatch, asyncnet, strformat from net import IpAddress, Port, `$`, `==`, getPrimaryIPAddr, toSockAddr, parseIpAddress from nativesockets import SockAddr, Sockaddr_storage, SockLen, setSockOptInt +from random import randomize, rand from sequtils import any import asyncutils import ip_packet @@ -137,7 +138,9 @@ proc captureAndResendAck(attempt: ConnectAttempt, captureFd: AsyncFD, closeSocket(captureFd) closeSocket(injectFd) -proc initPuncher*(): TcpSyniPuncher = TcpSyniPuncher() +proc initPuncher*(): TcpSyniPuncher = + randomize() + TcpSyniPuncher() proc findConnectAttempt(puncher: TcpSyniPuncher, srcIp: IpAddress, srcPort: Port, dstIp: IpAddress, @@ -277,8 +280,8 @@ proc accept*(puncher: TcpSyniPuncher, srcPort: Port, dstIp: IpAddress, let synOut = IpPacket(protocol: tcp, ipAddrSrc: attempt.srcIp, ipAddrDst: attempt.dstIp, ipTTL: 2, tcpPortSrc: attempt.srcPort, tcpPortDst: dstPort, - tcpSeqNumber: 0, tcpAckNumber: 0, tcpFlags: {SYN}, - tcpWindowSize: 1452 * 10) + tcpSeqNumber: rand(uint32), tcpAckNumber: 0, + tcpFlags: {SYN}, tcpWindowSize: 1452 * 10) await rawFd.injectTcpPacket(synOut) for seqNum in attempt.seqNums: let synIn = IpPacket(protocol: tcp, ipAddrSrc: attempt.dstIp,