[tproxy] TProxy4 and Squid 3.1.0.5 client address spoofing problem !

Hamid Hashemi hashemi at gmail.com
Sat Feb 7 16:00:57 CET 2009


Sorry but more complete tethereal out which run filter on destination is
here :

[root at CACHE1 ~]# tethereal host 213.171.218.15 -n
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
  0.000000 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.1
  0.000004 213.171.218.15 -> 85.247.162.18 TCP 80 > 39571 [ACK] Seq=1
Ack=386 Win=62 Len=0 TSV=11294071 TSER=2135261
  0.000006 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [SYN] Seq=0
Win=5840 Len=0 MSS=1460 TSV=11294071 TSER=0 WS=7
  0.199523 213.171.218.15 -> 85.247.162.2 TCP 80 > 35330 [SYN, ACK] Seq=0
Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
  0.199533 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=1 Ack=1
Win=5888 Len=0 TSV=11294268 TSER=0
  0.199603 85.247.162.2 -> 213.171.218.15 HTTP GET / HTTP/1.0
  0.504191 213.171.218.15 -> 85.247.162.2 TCP [TCP segment of a reassembled
PDU]
  0.504199 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=451
Ack=1449 Win=8832 Len=0 TSV=11294570 TSER=52303830
  0.504241 213.171.218.15 -> 85.247.162.2 HTTP HTTP/1.1 200 OK  (text/html)
  0.504246 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=451
Ack=2083 Win=11648 Len=0 TSV=11294570 TSER=52303830
  0.504359 213.171.218.15 -> 85.247.162.18 HTTP HTTP/1.0 200 OK  (text/html)
  0.504364 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP
traffic
  0.504402 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP
traffic
  0.514428 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386
Ack=1449 Win=3386 Len=0 TSV=2135390 TSER=11294570
  0.514577 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386
Ack=1579 Win=3386 Len=0 TSV=2135390 TSER=11294570
  0.517022 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386
Ack=2213 Win=4110 Len=0 TSV=2135390 TSER=11294570


-- 
Regards
Hamid Hashemi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20090207/723aceb5/attachment.htm 


More information about the tproxy mailing list