How to Drop Packet with Hex-String Iptables

yhuzayhuza Member
edited August 2015 in Help
17:03:10.274551 IP (tos 0x0, ttl 89, id 6656, offset 0, flags [DF], proto TCP (6), length 52)
    94.73.253.181.57383 > 104.194.219.130.6410: Flags [.], cksum 0x100e (correct), seq 0, ack 1, win 131, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 1a00 4000 5906 6780 5e49 fdb5 68c2
        0x0020:  db82 e027 190a 0000 0000 0000 0001 8010
        0x0030:  0083 100e 0000 0101 080a 077f da37 699f
        0x0040:  815f
17:03:10.274812 IP (tos 0x0, ttl 88, id 5731, offset 0, flags [DF], proto TCP (6), length 52)
    11.200.80.242.55382 > 104.194.219.130.28238: Flags [.], cksum 0xf466 (correct), seq 0, ack 1, win 16616, options [nop,nop,TS val 125819432 ecr 247032168], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 1663 4000 5806 6b62 0bc8 50f2 68c2
        0x0020:  db82 d856 6e4e 0000 0000 0000 0001 8010
        0x0030:  40e8 f466 0000 0101 080a 077f da28 0eb9
        0x0040:  6968
17:03:10.274929 IP (tos 0x0, ttl 90, id 46068, offset 0, flags [DF], proto TCP (6), length 52)
    92.227.88.168.42173 > 104.194.219.130.49430: Flags [.], cksum 0x08c2 (correct), seq 0, ack 1, win 16800, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2
        0x0020:  db82 a4bd c116 0000 0000 0000 0001 8010
        0x0030:  41a0 08c2 0000 0101 080a 077f da37 699f
        0x0040:  815f
17:03:10.275142 IP (tos 0x0, ttl 87, id 20342, offset 0, flags [DF], proto TCP (6), length 52)
    21.253.248.223.61050 > 104.194.219.130.50090: Flags [.], cksum 0x16ae (correct), seq 0, ack 1, win 254, options [nop,nop,TS val 125819432 ecr 247032168], length 0
        0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
        0x0010:  0034 4f76 4000 5706 812c 15fd f8df 68c2
        0x0020:  db82 ee7a c3aa 0000 0000 0000 0001 8010
        0x0030:  00fe 16ae 0000 0101 080a 077f da28 0eb9
        0x0040:  6968

I have some logs and need to find a match for these packets so I can drop this TCP traffic.

Can someone help me with a hex-string for these packets?

Sorry, my grammar is not good.

Comments

  • All packets can be expressed in hex. What are you trying to drop?

  • @tehdan said:
    All packets can be expressed in hex. What are you trying to drop?

    SYN-ACK. Maybe something like TCP SYN-ACK with options, because it's a SYN-ACK attack :( However many times I try to match a hex string from the log, it doesn't work 100%; inbound packets still arrive and can't be filtered, dude. Can you help me match the right hex string to filter this kind of packet?
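
Added example (not part of the original thread): a small Python helper that parses the hex rows of the first three packets in the capture above and lists the byte runs that are identical in every packet, printed in the `|..|` notation that the iptables string match accepts for `--hex-string`. Offsets are relative to the start of the IP header; the function names and the 4-byte minimum run length are assumptions of this example.

```python
import re
from itertools import groupby

ETH_LEN = 14  # the dump in the post includes the 14-byte Ethernet header
# Hex rows copied from the first three packets of the capture in the post.
CAPTURE = """
0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010:  0034 1a00 4000 5906 6780 5e49 fdb5 68c2
0x0020:  db82 e027 190a 0000 0000 0000 0001 8010
0x0030:  0083 100e 0000 0101 080a 077f da37 699f
0x0040:  815f
0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010:  0034 1663 4000 5806 6b62 0bc8 50f2 68c2
0x0020:  db82 d856 6e4e 0000 0000 0000 0001 8010
0x0030:  40e8 f466 0000 0101 080a 077f da28 0eb9
0x0040:  6968
0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010:  0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2
0x0020:  db82 a4bd c116 0000 0000 0000 0001 8010
0x0030:  41a0 08c2 0000 0101 080a 077f da37 699f
0x0040:  815f
"""

def parse_packets(dump):
    """Rebuild packets from tcpdump hex rows; offset 0x0000 starts a new one."""
    packets = []
    for m in re.finditer(r"0x([0-9a-f]{4}):((?:\s+[0-9a-f]{2,4})+)", dump):
        if int(m.group(1), 16) == 0 or not packets:
            packets.append(bytearray())
        packets[-1] += bytes.fromhex(m.group(2))  # fromhex skips the spaces
    return [bytes(p[ETH_LEN:]) for p in packets]  # keep IP header onward

def invariant_runs(packets, min_len=4):
    """Return (ip_offset, bytes) for byte runs identical in every packet."""
    same = [len(set(col)) == 1 for col in zip(*packets)]
    runs, pos = [], 0
    for is_same, grp in groupby(same):
        length = len(list(grp))
        if is_same and length >= min_len:
            runs.append((pos, packets[0][pos:pos + length]))
        pos += length
    return runs

def hex_string(run):  # |..| notation taken by --hex-string
    return "|" + " ".join(f"{b:02x}" for b in run) + "|"

if __name__ == "__main__":
    for off, run in invariant_runs(parse_packets(CAPTURE)):
        print(f"IP offset {off:2d}, {len(run):2d} bytes: {hex_string(run)}")
```

The longest run, 10 bytes at IP offset 24, covers the TCP sequence number, acknowledgement number, data offset and flags (the `seq 0, ack 1`, `Flags [.]` fields shown in the capture). The run at offset 38 ends inside the TCP timestamp value and the one at offset 16 is the destination address, so any candidate should be checked against a longer capture and against legitimate traffic before it goes into a DROP rule.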
