
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Chinese downloads overloading my website
Date: Fri, 15 Mar 2024 13:05:45 -0700
Organization: A noiseless patient Spider
Lines: 50
Message-ID: <ut29n3$2epl6$2@dont-email.me>
References: <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com>
 <usjiog$15kaq$1@solani.org> <t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com>
 <usm6v6$17e2c$1@solani.org> <gabuui56k0fn9iovps09um30lhiqhvc61t@4ax.com>
 <usqjih$h74g$1@dont-email.me> <afq1viha37gjs37sprgfb30dfm0m1ok5jh@4ax.com>
 <ustdn0$176f7$1@dont-email.me> <usv8fu$1nhtm$1@dont-email.me>
 <usvu8g$1slrq$2@dont-email.me> <ut1bm8$28gvp$1@dont-email.me>
 <gsrdckxea6.ln2@Telcontar.valinor> <ut1gpg$29itn$2@dont-email.me>
 <ut1r44$2bmvo$3@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 15 Mar 2024 20:05:56 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="c86af28dc75bef790d14c8cfb4054056";
	logging-data="2582182"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18sTtZFQhOfqaXqNC32T2X1"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Cancel-Lock: sha1:608SLeYwqhKKB8Ref49d7S95ntg=
Content-Language: en-US
In-Reply-To: <ut1r44$2bmvo$3@dont-email.me>
Bytes: 3523

On 3/15/2024 8:56 AM, Peter wrote:
> 
>   Don Y <blockedofcourse@foo.invalid> wrote:
> 
>> Then, DON'T acknowledge the packet.  Pretend the network
>> cable is terminated in dead air.
> 
> Can you actually do that, with a standard server? Normally every
> TCP/IP packet is acked. This is deep in the system.

You have to rewrite your stack.  *You* have to handle raw
packets instead of letting services (or the "super server")
handle them for you.

[And, you can't have an active proxy upstream that blindly
intercepts them]

The server effectively does a passive open and waits for
packets ON *ANY* PORT.  You obviously have to hide ALL
ports as a potential client could poke ANY port, notice a
response, then assume you are *deliberately* hiding OTHER ports
that don't reply!  If you reply ANYWHERE, then the "adversary"
knows that you aren't just a "dangling wire"!

Think of an old-fashioned RdTd serial port (no handshaking lines
that you can examine as "active").  You can listen to the incoming
character stream without ever responding to it -- even allowing
your driver to lose characters to overrun/parity/framing/etc. errors.

Only when you see something that you recognize do you "react".

[This is the easy way to hide an "internal" 3-pin serial port
(that you likely have for diagnostics in a product) from folks
who like looking for shells, etc. on such things!]

Of course, if something (adversary or sniffer) sees that reaction,
then the secret is out.  So, you don't want to abuse this access
mechanism.

It's like tunneling under some existing protocol; it works
only as long as folks don't *notice* it!

> UDP isn't, which is why port knocking works so well.

Anything that can be routed can be used.  You can knock
on UDP/x, then UDP/y, then... before trying to open a
particular UDP/TCP connection.  The point is to just LOOK
at incoming packets and not blindly act on them -- even
if that action is to block the connection.
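The "just LOOK at incoming packets and react only to a recognized sequence" logic described above, written out as an added example (this is not Don Y's code or anything from the thread). It is the recognizer half only: the raw-packet capture that feeds it (pcap, a firewall log, a raw socket) is assumed to exist and is not shown, and the knock sequence, the time window, and the sample packet events are constructed for illustration. Nothing in it ever writes to the wire; the only observable effect is an entry in an in-process table, which is what keeps the host looking like a "dangling wire" to anyone who has not seen the sequence.

```python
"""Passive port-knock recognizer (added example, not from the original post).

Assumptions (not in the post): each observed packet arrives as a tuple
(timestamp_seconds, src_ip, proto, dst_port), e.g. parsed from a capture
or firewall log. The recognizer never sends a reply of any kind; it only
records which sources completed the sequence, for a later service to consult.
"""
from dataclasses import dataclass

# Constructed knock sequence: mixed UDP/TCP, as the post notes anything
# routable can be used. Order matters; any other packet resets progress.
KNOCK_SEQUENCE = (("udp", 7001), ("udp", 7002), ("tcp", 7003))
WINDOW_SECONDS = 10.0   # whole sequence must complete within this window
AUTH_TTL_SECONDS = 30.0 # how long a completed knock stays valid


@dataclass
class KnockState:
    next_index: int = 0   # index into KNOCK_SEQUENCE of the knock expected next
    started_at: float = 0.0


class KnockRecognizer:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        self._partial: dict[str, KnockState] = {}
        self.authorized: dict[str, float] = {}   # src_ip -> completion time
        self.packets_seen = 0
        self.packets_answered = 0   # stays 0 by design: we never respond

    def observe(self, ts: float, src: str, proto: str, port: int) -> bool:
        """Consume one packet. Returns True only when src completes the sequence."""
        self.packets_seen += 1
        st = self._partial.get(src, KnockState())

        # A partial sequence that has dragged on past the window is discarded.
        if st.next_index and ts - st.started_at > self.window:
            st = KnockState()

        if (proto, port) == self.sequence[st.next_index]:
            if st.next_index == 0:
                st.started_at = ts
            st.next_index += 1
            if st.next_index == len(self.sequence):
                self._partial.pop(src, None)
                self.authorized[src] = ts
                return True
            self._partial[src] = st
            return False

        # Wrong packet: reset. If it happens to be the first knock, count it as
        # a fresh start; otherwise forget this source entirely. A port scanner
        # walking ports in order hits knocks out of sequence and never completes.
        if (proto, port) == self.sequence[0]:
            self._partial[src] = KnockState(next_index=1, started_at=ts)
        else:
            self._partial.pop(src, None)
        return False

    def is_authorized(self, src: str, ts: float, ttl: float = AUTH_TTL_SECONDS) -> bool:
        done = self.authorized.get(src)
        return done is not None and ts - done <= ttl


def run_demo() -> dict[str, bool]:
    """Feed constructed packet events through the recognizer; return who got in."""
    # Constructed sample events: a scanner sweeping ports in order, a client
    # that knows the sequence, and a client that knows it but is too slow.
    events = [
        (0.0, "10.0.0.5", "udp", 7000),       # scanner
        (0.1, "10.0.0.5", "udp", 7001),
        (0.2, "10.0.0.5", "udp", 7002),
        (0.3, "10.0.0.5", "udp", 7003),       # out of sequence -> reset
        (0.4, "10.0.0.5", "tcp", 7003),
        (1.0, "192.0.2.10", "udp", 7001),     # correct client
        (1.5, "192.0.2.10", "udp", 7002),
        (2.0, "192.0.2.10", "tcp", 7003),
        (3.0, "198.51.100.7", "udp", 7001),   # too slow: exceeds window
        (4.0, "198.51.100.7", "udp", 7002),
        (20.0, "198.51.100.7", "tcp", 7003),
    ]
    rec = KnockRecognizer()
    for ts, src, proto, port in events:
        rec.observe(ts, src, proto, port)
    now = 21.0
    return {src: rec.is_authorized(src, now)
            for src in ("10.0.0.5", "192.0.2.10", "198.51.100.7")}


if __name__ == "__main__":
    for src, ok in run_demo().items():
        print(f"{src}: {'sequence recognized' if ok else 'ignored'}")
```

The point the post makes about not reacting at all applies to the discard paths as well: the recognizer drops wrong or late packets silently rather than sending a RST, an ICMP unreachable, or a firewall "reject", since any of those would tell a scanner that something is listening.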