MIRROR target for tcp attacks......i wrote something like this

loboautoma · 02-15-2005, 05:36 AM

Hello world!
I proved the experimental target MIRROR versus some incoming tcp_packets not desired.....but the Shell told me that the target doesn't exist......why?.....my distribution support it but i can't use it! I wrote something like this:

iptables -A INPUT -s ip.ip.ip.ip -i eth0 -p tcp -j MIRROR

thanx for any hint!

Capt_Caveman · 02-15-2005, 03:58 PM

See if you have the ipt_MIRROR module on your system:

find / | grep ipt_MIRROR

If it's present you should get a list of modules. If not, you'll just see some libs. I didn't notice it, but the MIRROR match doesn't appear to be supported by default on Fedora Core 3, but it is on all my older boxes. I looked through the 2.6 kernel change log and sure enough the MIRROR taget was dropped:

http://64.233.161.104/search?q=cache...&hl=en&start=4

loboautoma · 02-17-2005, 11:54 AM

The find command has found:

/lib/iptables-mandrake/libipt_MIRROR.so
/lib/iptables-vanilla/libipt_MIRROR.so

I think there are not modules....may be it's for the kernel.....
i'll see the links you gave me and i'll try to understand something more.

thanx for your time.

Capt_Caveman · 02-17-2005, 05:31 PM

If ipt_MIRROR was installed, you would have seen something like:

/lib/modules/<kernel-version>/kernel/net/ipv4/netfilter/ipt_MIRROR.o

If you would really like to use the MIRROR target, you can try patching the kernel with the netfilter patch-o-matic (pom-ng) and add in support for MIRROR. However this requires recompiling the kernel and iptables from source, so it's not trivial.

loboautoma · 02-19-2005, 09:37 AM

i never compiled the kernel before.

..but i will try as soon as possible...

thanx