Comments (2)
no, in the current version no such mechanism in the SYN.
For example, the client adds a special tcp option into SYN packet, and the server checks it.
If it does not match, do not reply SYN-ACK, just drop it to avoid the port being scanned.
Is there an existing software that has implemented this feature? I wonder how practical it is
problems that might arise in this method:
- how is the compatibility ofspecial tcp option
- even if this is implemented. How to prevent replay attack of the SYN packet without synchronized clock?
from udp2raw.
Is there an existing software that has implemented this feature?
No, but there are similar ones, such as TOA(tcp option address) feature originated from LVS full-nat mode, then commonly used to bypass client real ip for proxy project.
https://github.com/ucloud/ucloud-toa
- how is the compatibility ofspecial tcp option
Yes, the tcp option may be drop or replaced by the cloud vendor, depending on the choice of option code
- even if this is implemented. How to prevent replay attack of the SYN packet without synchronized clock?
It just add one more checking logic when receive SYN packet, if this logic be bypassed, the orignal checking logic of program is still in effect.
from udp2raw.
Related Issues (20)
- SCTP
- How to tunnel IKEv2 HOT 1
- Difference between udp2raw_amd64_hw_aes and udp2raw_amd64 HOT 2
- can udp2raw work on win10? HOT 5
- Wireguard chain connection issue HOT 11
- Build fails with linux 6.5 headers HOT 2
- udp2raw is not working when using hotspot HOT 4
- Golang library
- heart beat sent cipher_decrypt failed recv_safer failed HOT 1
- 启用了之后确实可以解除udp封锁,但是Xbox主机派对无法启动? HOT 3
- After the ` Clash` tun mode is enabled, udp2raw cannot be connected even if the specified NIC is enabled HOT 5
- Run on MikroTik HOT 1
- The issue of multiple ports with kcptun and udp2raw。 HOT 4
- Running in a non rooted environment HOT 5
- udp2raw has stopped working, all the faketcp, icmp, udp have stopped working HOT 3
- Doing fake upload with this service HOT 1
- Feature request: Client-side choice of packets final destiny HOT 1
- Add option to enable SO_REUSEPORT for co-operating with natmap on router. HOT 1
- 可以通过不同的TCP端口来搭建多个udp隧道吗?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from udp2raw.