socket problem?

David Bolen db3l at fitlinxx.com
Thu Sep 14 15:32:16 EDT 2000


Zajcev Evgeny <lg at localhost.rgz.ru> writes:

> I chose Python for learning protocols because it is a great programming 
> language :)

True, but you sure chose a tricky thing to try to do with Python (or
any language) :-)

> by the way, one application of sending random tcp packets over sock_raw is:
> some printers have a telnet service and have no authentication
> so if any user telnets to it he has administrator privileges
> the solution of this problem: your PC in the same sub-net with who
>  wants to telnet to printer, sniffing net, and when there is any SYN
>  packet to printer:23 send to printer RST packet from villain
>  address (ACK and source port are known from sniffing) so he even
>  can't establish connect.

Well, you're probably going to have a problem preventing the initial
connection establishment, if only because during the time you process
the packet and attempt to forge the RST I'm sure the TCP session will
already have been established - unless the printer is on a very slow
long haul network and your sniffing PC is local.

And once established, you're going to have a tough time generating an
RST that the source of the traffic is going to accept.  Your RST is
going to have to have a sequence number that is properly within the
current window of the transmitter, which means that you have the same
race condition of having to forge a response before the printer itself
can generate one - you've got to get your RST packet precisely at the
right point in the data stream.  While I won't say it's impossible, I
will say it's very tricky and probably really unlikely to be able to
do from an external sniffing approach (as opposed to a box that is
itself inserted into the packet flow, like a router).

If you still want to try to handle this, I'd suggest reading RFC793
closely with respect to RST generation and processing, and even some
TCP source code to better understand precisely how you have to forge
the appropriate TCP header information.

I'd go with the other responder - look into higher level (filtering,
routing) approaches to handle the security problem.  While your
printer may not have passwords, many of them support simple filtering
(e.g., only this address may connect to me).  If that's the case, you
could set up your PC as a proxy - set the printer to only accept
connections from your PC.  Then, let people telnet to the PC, and you
write a telnet daemon (in Python if you like) that does any
verification you need and then passes the traffic on to the printer.

--
-- David
-- 
/-----------------------------------------------------------------------\
 \               David Bolen            \   E-mail: db3l at fitlinxx.com  /
  |             FitLinxx, Inc.            \  Phone: (203) 708-5192    |
 /  860 Canal Street, Stamford, CT  06902   \  Fax: (203) 316-5150     \
\-----------------------------------------------------------------------/
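
The proxy arrangement suggested in the last paragraph of the message above, sketched as an added example that is not part of the original post. It assumes the "verification" is a source-address allowlist; the printer address, admin subnet and listening port are constructed values.

```python
import ipaddress
import socket
import threading

# Constructed values (assumptions): printer address and the permitted admin subnet.
PRINTER = ("192.0.2.10", 23)
ALLOWED = [ipaddress.ip_network("192.0.2.64/28")]

def is_allowed(client_ip, networks=ALLOWED):
    """True if client_ip is inside one of the permitted networks."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)

def pump(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer reset or already closed; the caller closes both sockets

def handle(client, client_addr, upstream=PRINTER, networks=ALLOWED):
    """Verify the client, then relay both directions; False if refused."""
    if not is_allowed(client_addr[0], networks):
        client.close()  # refused before any connection to the printer is opened
        return False
    with client, socket.create_connection(upstream, timeout=10) as printer:
        printer.settimeout(None)
        back = threading.Thread(target=pump, args=(printer, client), daemon=True)
        back.start()
        pump(client, printer)
        back.join()
    return True

def serve(listen=("0.0.0.0", 2323)):
    """Accept forever, one thread per client (port 2323 is an arbitrary choice)."""
    with socket.create_server(listen) as srv:
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=handle, args=(conn, addr), daemon=True).start()

if __name__ == "__main__":
    serve()
```

The relay only helps if the printer's own filter is set to accept connections from the proxy host alone, as the message describes; otherwise clients can still reach port 23 directly.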


