I am new to Windows Filtering Platform.
Is it possible to send a tcp SYN packet with a payload by using WFP?
The payload I want to send will have some secret password.
My linux server will check SYN packet's payload whether it is valid or not.
Is it possible to send tcp syn packet with payload by using WFP?
It isn't possible to send anything along with the initial SYN. It isn't valid to send data until the connection has been established. –
Siclari
In fact I don't see how it is possible to send anything with WPF. It is an interception framework, not a sending API. –
Siclari
WFP or no WFP, you "can" send the data in SYN packet but the other end should be aware of that. Standard doesn't allow or recommend doing that. TCP fast open was introduced thinking people will adapt that soon it became unpopular.
Sending data in SYN, even if you achieved is not a good practice because
a) Not scalable b) There are some proxies or gateways in the way which might intercept this TCP flow and throw away your data, sending SYN only to as they make server side connections. c) Most TCP out there would assume that SYN has NO data as connection establishment hasn't happened yet.
This is the reason people do encapsulation to preserve their data from all the middleboxes, you can design something on that principal.
Just to add, the likes of Palo Alto (and others) call filtering SYN packets containing data a feature (eg. knowledgebase.paloaltonetworks.com/…). There is one specific and tight use-case called TCP Fast Open which does send a small payload which such firewalls aim to allow - other than that though, you're out of luck. –
Leveller
Although sending data in SYN packet is possible, it is never recommended to send sensitive data. Any "bad user" who intercepts the SYN packet shall be able to initiate a connection with your secret password.
It is possible how? And where in RFC 793 does it say so? –
Siclari
© 2022 - 2024 — McMap. All rights reserved.