[TriLUG] spoofing mac addresses

Aaron Joyner aaron at joyner.ws
Thu Aug 12 14:11:47 EDT 2004


What precisely is the problem with NATing SIP connections?  Is it that 
SIP is port-less, some other protocol, not TCP? (gre perhaps?)  If 
that's the case, a kernel module akin to the ip_conntrack_ftp would be 
capable of handling the translations necessary (although different from 
what conntrack_ftp does, it could tie into the iptables implementation 
in a similar manner, I'd think).  I haven't really looked into this 
very thoroughly, but would be interested in knowing more about the 
limitations.  Perhaps we can brain-storm it at the meeting tonight if 
you're coming, Jon?

Aaron J.


On Aug 12, 2004, at 10:26 AM, Jon Carnes wrote:

> On Thu, 2004-08-12 at 09:57, Reginald Reed wrote:
>> Another way to do this is for your code to "be the IP stack" bypassing
>> the kernel IP stack altogether.  Using libnet and libpcap, you
>> basically roll your own packets to send and anything received, you
>> filter based on what you're looking for (combo of IP address and
>> destination MAC, etc) and process accordingly.  This is pretty easy
>> for UDP, TCP adds a few challenges.  My team has written several
>> internal tools that use this method to scale traffic generation and
>> network simulation stuff using Python (with wrapped libnet and libpcap
>> functions).
>>
>> --Reggie
>
> Interesting... This would give you the ability to write a Voice Proxy
> Firewall for dealing with phones behind NAT'ed firewalls. The current
> price for such software is $4k to $12k.
>
> It would be great to see an open source version of one of these (or a
> cheaper version that ran on Linux).
>
> Jon Carnes

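An added example, not part of the original posts: SIP signalling normally runs over UDP or TCP port 5060, but the message carries the phone's own address and RTP port in its Via and Contact headers and in the SDP body, so the translations a conntrack-style helper would have to make are payload rewrites plus a Content-Length fix. The INVITE, addresses, port mapping and the `nat_rewrite` function name are constructed for illustration.

```python
import re

# Constructed sample: INVITE from a phone at 192.168.1.50 behind a NAT.
SDP = ("v=0\r\n"
       "o=alice 1 1 IN IP4 192.168.1.50\r\n"
       "s=-\r\n"
       "c=IN IP4 192.168.1.50\r\n"
       "t=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
          "From: <sip:alice@example.com>;tag=1928301774\r\n"
          "To: <sip:bob@example.com>\r\n"
          "Call-ID: a84b4c76e66710@192.168.1.50\r\n"
          "CSeq: 1 INVITE\r\n"
          "Contact: <sip:alice@192.168.1.50:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

def nat_rewrite(msg, inside, outside, rtp_map):
    """Rewrite one outbound SIP message the way a SIP-aware NAT helper would.
    inside/outside are (ip, port) for signalling; rtp_map maps inside->outside RTP ports."""
    (in_ip, in_port), (out_ip, out_port) = inside, outside
    sock = re.compile(rf"(?<![\d.]){re.escape(in_ip)}:{in_port}(?!\d)")
    addr = re.compile(rf"(?<![\d.]){re.escape(in_ip)}(?![\d.])")
    head, _, body = msg.partition("\r\n\r\n")
    sdp = []
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")):          # session origin / connection address
            line = addr.sub(out_ip, line)
        m = re.match(r"m=(\S+) (\d+) (.*)", line)  # media line carries the RTP port
        if m and int(m.group(2)) in rtp_map:
            line = f"m={m.group(1)} {rtp_map[int(m.group(2))]} {m.group(3)}"
        sdp.append(line)
    body = "\r\n".join(sdp)
    hdrs = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].strip().lower()
        if name in ("via", "contact"):             # Call-ID is opaque: leave it alone
            line = sock.sub(f"{out_ip}:{out_port}", line)
        elif name == "content-length":             # body length may have changed
            line = f"Content-Length: {len(body.encode())}"
        hdrs.append(line)
    return "\r\n".join(hdrs) + "\r\n\r\n" + body
```
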