Find the answer to your Linux question:
Results 1 to 2 of 2
I want to deny a particular malicious UDP packet. I can readily identify this packet from the rest by looking at the data section, where data offset 2 is 0xaa, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2005
    Posts
    5

    Blocking UDP packet


    I want to deny a particular malicious UDP packet. I can readily identify this packet from the rest by looking at the data section, where data offset 2 is 0xaa, data[5] is 0xbb, etc. Are there any tools or code samples that can do this?

    Basically, instead of seeing the packet in the following tcpdump, I want to block it. I started to write a proxy but realized I would need to keep sessions and that's a nightmare. Is there an easier way to do this? The firewalls I've seen only block based on port, not on data payload.


    tcpdump -i eth1 udp[2:1] = 0xaa and udp[5:2] = 0xbbcc

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,578
    This is what might be called "deep packet inspection". There is FOSS software to do that, but you will have to search for it. Snort and such tools might help.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •