
#1 Disconnect BPF from IP capture

open
nobody
None
5
2012-09-14
2006-12-10
John Hardin
No

At present if you want to use a BPF packet filter you need to have IP Capture enabled, and the BPF filter expands the universe of connections LaBrea will tarpit.

This patch breaks that connection, and allows you to use a BPF filter with IP capture turned off, giving fine control over what gets tarpitted. For example, you could use LaBrea to create an SMTP tarpit with a BPF like:

dst host my.svr.ip.addr and tcp dst port 25

With IP capture enabled, the behavior is unchanged.

Not exhaustively tested.

See also my spoofed-banners patch.

Discussion

  • John Hardin

    John Hardin - 2006-12-13

    Logged In: YES
    user_id=786519
    Originator: YES

    File Added: BPF_even_without_IP_capture.patch

     
  • John Hardin

    John Hardin - 2006-12-13

    Disconnect BPF use from IP capture, fix BPF file reading

     
  • John Hardin

    John Hardin - 2006-12-13

    Logged In: YES
    user_id=786519
    Originator: YES

    Added bugfixes for BPF filter length and file reading problems.

     
