2018-05-06 14:09:06 +00:00
|
|
|
# TCP/IP Stack
|
|
|
|
|
|
|
|
This implementation is largely the same as the old-Syndicate
|
|
|
|
"incremental highlevel" implementation, but using new-Syndicate.
|
|
|
|
|
|
|
|
## Linux Firewall Configuration
|
|
|
|
|
|
|
|
Imagine a setup where the machine you are running this code has IP
|
2020-04-27 18:27:48 +00:00
|
|
|
192.168.2.10. This code claims 192.168.2.222 for itself. Now, pinging
|
|
|
|
192.168.2.222 from some other machine, say 192.168.2.99, will cause
|
2018-05-06 14:09:06 +00:00
|
|
|
the local kernel to receive the pings and then *forward them on to
|
2020-04-27 18:27:48 +00:00
|
|
|
192.168.2.222*, which because of the gratuitous ARP announcement, it
|
2018-05-06 14:09:06 +00:00
|
|
|
knows to be on its own Ethernet MAC address. This causes the ping
|
|
|
|
requests to repeat endlessly, each time with one lower TTL.
|
|
|
|
|
|
|
|
One approach to solving the problem is to prevent the kernel from
|
2020-04-27 18:27:48 +00:00
|
|
|
forwarding packets addressed to 192.168.2.222. To do this,
|
2018-05-06 14:09:06 +00:00
|
|
|
|
2020-04-27 18:27:48 +00:00
|
|
|
sudo iptables -I FORWARD -d 192.168.2.222 -j DROP
|