    How to Drop Packet with Hex-String Iptables

    yhuzayhuza Member
    edited August 2015 in Help
    17:03:10.274551 IP (tos 0x0, ttl 89, id 6656, offset 0, flags [DF], proto TCP (6), length 52)
        94.73.253.181.57383 > 104.194.219.130.6410: Flags [.], cksum 0x100e (correct), seq 0, ack 1, win 131, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
            0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
            0x0010:  0034 1a00 4000 5906 6780 5e49 fdb5 68c2
            0x0020:  db82 e027 190a 0000 0000 0000 0001 8010
            0x0030:  0083 100e 0000 0101 080a 077f da37 699f
            0x0040:  815f
    17:03:10.274812 IP (tos 0x0, ttl 88, id 5731, offset 0, flags [DF], proto TCP (6), length 52)
        11.200.80.242.55382 > 104.194.219.130.28238: Flags [.], cksum 0xf466 (correct), seq 0, ack 1, win 16616, options [nop,nop,TS val 125819432 ecr 247032168], length 0
            0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
            0x0010:  0034 1663 4000 5806 6b62 0bc8 50f2 68c2
            0x0020:  db82 d856 6e4e 0000 0000 0000 0001 8010
            0x0030:  40e8 f466 0000 0101 080a 077f da28 0eb9
            0x0040:  6968
    17:03:10.274929 IP (tos 0x0, ttl 90, id 46068, offset 0, flags [DF], proto TCP (6), length 52)
        92.227.88.168.42173 > 104.194.219.130.49430: Flags [.], cksum 0x08c2 (correct), seq 0, ack 1, win 16800, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
            0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
            0x0010:  0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2
            0x0020:  db82 a4bd c116 0000 0000 0000 0001 8010
            0x0030:  41a0 08c2 0000 0101 080a 077f da37 699f
            0x0040:  815f
    17:03:10.275142 IP (tos 0x0, ttl 87, id 20342, offset 0, flags [DF], proto TCP (6), length 52)
        21.253.248.223.61050 > 104.194.219.130.50090: Flags [.], cksum 0x16ae (correct), seq 0, ack 1, win 254, options [nop,nop,TS val 125819432 ecr 247032168], length 0
            0x0000:  0016 3e40 883e 8071 1fe7 0981 0800 4500
            0x0010:  0034 4f76 4000 5706 812c 15fd f8df 68c2
            0x0020:  db82 ee7a c3aa 0000 0000 0000 0001 8010
            0x0030:  00fe 16ae 0000 0101 080a 077f da28 0eb9
            0x0040:  6968
    

    I have some logs and need to find a matching pattern in these packets so that I can drop this TCP traffic.

    Can someone help me with a hex-string for these packets?

    Sorry, my grammar is not good.

    Comments

    • All packets can be expressed in hex. What are you trying to drop?

    • @tehdan said:
      All packets can be expressed in hex. What are you trying to drop?

      SYN-ACK. Maybe something like TCP SYN-ACK with options, because it's a SYN-ACK attack :( Many times I have tried to match a hex string from the log, but it doesn't work 100%; inbound packets still arrive and can't be filtered, dude. Can you help me find the right hex string to match for filtering this kind of packet?
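
An added example (not part of the original thread): it loads the four frames from the tcpdump output in the post, decodes the TCP header fields, and lists the byte runs that are identical in every frame, which are the candidates for a hex-string or offset-based match. Offsets are counted from the start of the IPv4 header; the function names are illustrative.

```python
import struct

# The four frames from the tcpdump hex dumps in the post (Ethernet + IPv4 + TCP).
FRAMES = [bytes.fromhex(h) for h in (
    "0016 3e40 883e 8071 1fe7 0981 0800 4500 0034 1a00 4000 5906 6780 5e49 fdb5 68c2"
    "db82 e027 190a 0000 0000 0000 0001 8010 0083 100e 0000 0101 080a 077f da37 699f 815f",
    "0016 3e40 883e 8071 1fe7 0981 0800 4500 0034 1663 4000 5806 6b62 0bc8 50f2 68c2"
    "db82 d856 6e4e 0000 0000 0000 0001 8010 40e8 f466 0000 0101 080a 077f da28 0eb9 6968",
    "0016 3e40 883e 8071 1fe7 0981 0800 4500 0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2"
    "db82 a4bd c116 0000 0000 0000 0001 8010 41a0 08c2 0000 0101 080a 077f da37 699f 815f",
    "0016 3e40 883e 8071 1fe7 0981 0800 4500 0034 4f76 4000 5706 812c 15fd f8df 68c2"
    "db82 ee7a c3aa 0000 0000 0000 0001 8010 00fe 16ae 0000 0101 080a 077f da28 0eb9 6968",
)]
ETH_LEN = 14  # Ethernet header length; tcpdump printed it because of the link-level hex option

def decode(frame):
    """Decode the IPv4/TCP fields that matter when writing a filter rule."""
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
    return {"src": ".".join(map(str, ip[12:16])), "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": off_flags & 0x1FF, "win": win,
            "payload": len(ip) - ihl - (off_flags >> 12) * 4}

def invariant_runs(frames, min_len=4):
    """Return (offset from IPv4 header, hex) for byte runs identical in every frame."""
    pkts = [f[ETH_LEN:] for f in frames]
    same = [len(set(col)) == 1 for col in zip(*pkts)]
    runs, start = [], None
    for i, flag in enumerate(same + [False]):  # sentinel closes a run at the end
        if flag and start is None:
            start = i
        elif not flag and start is not None:
            if i - start >= min_len:
                runs.append((start, pkts[0][start:i].hex()))
            start = None
    return runs

if __name__ == "__main__":
    for f in FRAMES:
        print(decode(f))
    # A run that is constant in this sample is only a candidate: the destination
    # address is the captured host, and TCP timestamp values change over time.
    for off, hx in invariant_runs(FRAMES):
        print(f"ip+{off:2d}: {hx}")
```

The run at offset 24 covers the sequence number, acknowledgement number and the data-offset/flags word; that offset holds only while the IPv4 header carries no options (IHL of 5).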
