I have written a small program that returns a custom response on receiving SYN packets on some ports in Linux. This required me to make a minor edit to the Linux kernel and recompile. I have tested this and I have the functionality I require in Linux.

I wish to have the same functionality in Windows XP/7. To achieve this I believe I would need to edit a driver/file/registry setting that controls tcpip functions. The goal would be to disable the default action of sending RST packets when a SYN is received on a closed port.

The research I have done so far has pointed me towards something like tcpip.sys or the tcpip settings in the registry?

I am realistic that this may not be possible due to the drivers being unsigned if I modify them, but hopefully someone can put my mind at ease about the plausibility of this being possible?

  • The simple way is to set up a Windows Firewall rule to block traffic on the desired port to prevent sending RST and use `winpcap` to sniff/emit packets. – dewaffled Dec 21 '15 at 15:58
  • As far as I am aware, Windows Firewall operates above the kernel, therefore the kernel would respond regardless of the firewall settings. I could be wrong though? – Deney Fletcher Dec 21 '15 at 17:51
  • It should be very easy to check. At least I can see telnet to a random port hangs for much longer when the firewall is enabled. – dewaffled Dec 21 '15 at 19:25
  • That doesn't say much, Wireshark/sniffing is the only way to know for sure. More testing I think. – Deney Fletcher Dec 21 '15 at 19:26
  • 1
    I'm unfamiliar with the details, but if Windows Firewall isn't sufficient, you probably want a filter driver. (As opposed to modifying the existing drivers, which is unrealistic.) – Harry Johnston Dec 22 '15 at 04:41
  • 1
    Possible duplicate? http://stackoverflow.com/questions/13008340/how-to-prevent-windows-from-sending-rst-packet-when-trying-to-connect-to-somebod – crchurchey Mar 12 '16 at 00:59

0 Answers