christian
/
punchd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

use random sequence number for outgoing low-TTL SYN

This commit is contained in:
Christian Ulrich 2020-10-08 18:12:59 +02:00
parent 37f02bc2ba
commit b0032c534c
No known key found for this signature in database
GPG Key ID: 8241BE099775A097
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tcp_syni.nim
View File

@ -1,6 +1,7 @@
import asyncfutures, asyncdispatch, asyncnet, strformat import asyncfutures, asyncdispatch, asyncnet, strformat
from net import IpAddress, Port, `$`, `==`, getPrimaryIPAddr, toSockAddr, parseIpAddress from net import IpAddress, Port, `$`, `==`, getPrimaryIPAddr, toSockAddr, parseIpAddress
from nativesockets import SockAddr, Sockaddr_storage, SockLen, setSockOptInt from nativesockets import SockAddr, Sockaddr_storage, SockLen, setSockOptInt
from random import randomize, rand
from sequtils import any from sequtils import any
import asyncutils import asyncutils
import ip_packet import ip_packet
@ -137,7 +138,9 @@ proc captureAndResendAck(attempt: ConnectAttempt, captureFd: AsyncFD,
closeSocket(captureFd) closeSocket(captureFd)
closeSocket(injectFd) closeSocket(injectFd)
proc initPuncher*(): TcpSyniPuncher = TcpSyniPuncher() proc initPuncher*(): TcpSyniPuncher =
randomize()
TcpSyniPuncher()
proc findConnectAttempt(puncher: TcpSyniPuncher, srcIp: IpAddress, proc findConnectAttempt(puncher: TcpSyniPuncher, srcIp: IpAddress,
srcPort: Port, dstIp: IpAddress, srcPort: Port, dstIp: IpAddress,
@ -277,8 +280,8 @@ proc accept*(puncher: TcpSyniPuncher, srcPort: Port, dstIp: IpAddress,
let synOut = IpPacket(protocol: tcp, ipAddrSrc: attempt.srcIp, let synOut = IpPacket(protocol: tcp, ipAddrSrc: attempt.srcIp,
ipAddrDst: attempt.dstIp, ipTTL: 2, ipAddrDst: attempt.dstIp, ipTTL: 2,
tcpPortSrc: attempt.srcPort, tcpPortDst: dstPort, tcpPortSrc: attempt.srcPort, tcpPortDst: dstPort,
tcpSeqNumber: 0, tcpAckNumber: 0, tcpFlags: {SYN}, tcpSeqNumber: rand(uint32), tcpAckNumber: 0,
tcpWindowSize: 1452 * 10) tcpFlags: {SYN}, tcpWindowSize: 1452 * 10)
await rawFd.injectTcpPacket(synOut) await rawFd.injectTcpPacket(synOut)
for seqNum in attempt.seqNums: for seqNum in attempt.seqNums:
let synIn = IpPacket(protocol: tcp, ipAddrSrc: attempt.dstIp, let synIn = IpPacket(protocol: tcp, ipAddrSrc: attempt.dstIp,