delorean/masscan-mark-ii
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d09c9799ea
masscan-mark-ii/src/misc-rstfilter.h
delorean 8559dcdfaf
initial
2024-02-26 10:35:54 -06:00

61 lines
2.0 KiB
C
Raw Blame History

/*
RST filter
In theory, we should transmit a RST packet every time we receive an invalid
TCP packet. In practice, this can lead to endless transmits when the other
size continues to transmit bad packets. This may happen accidentally, or this
may happen on purpose from the other side trying to attack the scanner
intentionally. In May 2019 I see this from somebody who I suspect is trying
to do that, replying back as fast as the scanner transmits (when running
at 10,000 packets per-second). This halts the scan, as it's throttle limit
is filled sending RSTs and not doing something useful.
The design is a simple non-deterministic algorithm. It hashes the
IP/prot combo, then updates a counter at that bucket. When it reaches
its limit, it stops transmitting resets. However, it'll also slowly
empty buckets, so can occasionally transmit a RST now and then.
*/
#ifndef MISC_RSTFILTER_H
#define MISC_RSTFILTER_H
#include <stdio.h>
#include "massip-addr.h"
struct ResetFilter;
/**
* Create a structure for this.
* @param seed
* A random seed chosen via entropy at startup, so that adversaries
* can't predict where the buckets will be.
* @param bucket_count
* The number of buckets. This'll be rounded up to the nearest
* power-of-two. 16384 is probably a good number.
* @return an instance of this object that should be eventually
* cleaned up with 'rstfilter_destroy()'.
*/
struct ResetFilter *
rstfilter_create(unsigned long long seed, size_t bucket_count);
/**
* Cleans up the object that was created with 'rstfilter_create()'.
*/
void
rstfilter_destroy(struct ResetFilter *rf);
/**
* Tests to see if we should ignore the given RST packet. This will
* also slowly empty a random bucket
* @return 1 if we should filter out the offending packet and ignore it,
* or else 0 if we shouldn't ignore it.
*/
int
rstfilter_is_filter(struct ResetFilter *rf, ipaddress src_ip, unsigned src_port, ipaddress dst_ip, unsigned dst_port);
int
rstfilter_selftest(void);
#endif
Reference in New Issue View Git Blame Copy Permalink