Overall IP Network

From DALL-E with some prompting
The image is a diagram explaining the overall structure and data flow of an IP network.

Overall IP network: The entire structure of an IP network
Ethernet In the LAN: Ethernet used within the Local Area Network (LAN)
Identification in the internet: Identifying devices on the internet
OSPF short path with IP addresses: Open Shortest Path First (OSPF) routing protocol finds the shortest path using IP addresses
Addressing/Routing to the peer: Assigning addresses and routing to peer devices
BGP to get/share IP (other & me): Border Gateway Protocol (BGP) is used to exchange IP prefix reachability (routes) between one's own network and other networks
Service Connection: Establishing a service connection
IP address ↔ Domain address: The relationship between IP addresses and domain addresses
DNS Easy to keep an internet address by Domain name: Domain Name System (DNS) makes it easy to maintain an internet address by using domain names
On TCP/UDP: Operating on TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
The diagram illustrates how data moves within a network. For instance, when a user accesses web services using the HTTP protocol, the DNS translates domain names into IP addresses, and then a service connection is established using the IP address over TCP/UDP protocols. Routing protocols such as OSPF and BGP are used to find the optimal path for data transmission through internal networks and the wider internet, respectively.


How to send TCP_RST to Block HTTP_REQ.

# This is the part of the solution that blocked abnormal HTTP GETs.

Below is a summary of the network architecture.

  1. Get mirrored packets from the TAP switch located between the Backbone-Router and the border router.
  2. Keep only HTTP GET packets using the DPI switch (Arista), matching on the TCP payload.
    1. The Arista switch can steer packets whose payload contains the HTTP GET string.
  3. The server checks whether the packet matches the Src/Dst IP and port rules and contains an HTTP GET.
  4. Send an RST packet built from the Seq/Ack/payload length of the HTTP GET packet.
    1. Use a raw packet socket.
    2. In the GET packet, the source is the internal IP that must be protected and the destination is the external IP (the abnormal HTTP site).
    3. In the RST packet, the source is the external IP and the destination is the internal source IP.
    4. Seq is taken from the GET packet's Ack (the external/destination side's sequence number).
    5. Ack is the GET packet's Seq + payload length (the internal/source side's sequence number).
    6. TCP flags are RST | ACK.
    7. IP identification is don't-care. (It could also be adjusted if the whole flow were captured; on this page only the HTTP GET packet is captured, so the other packets of the flow are not seen.)
    8. TCP window: htons(4500 + rand() % 1000) (also not mandatory).
    9. The RST packet must be sent as soon as possible after the HTTP GET packet is received, via an Ethernet port that can reach the internal IP machine.
    10. Below is some code for this:

// Values taken from the captured Internal -> External HTTP GET packet (network byte order):
//   seq = the GET packet's TCP ack value, ack = the GET packet's TCP seq value,
//   payload_len = ip_total_len - ip_header_len - tcp_header_len (host byte order)

ack = htonl(ntohl(ack) + payload_len);   // the RST acknowledges everything the GET carried

tcpheader->th_seq = seq;
tcpheader->th_ack = ack;
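As an added example that is not the page's own code, the packet check of step 3 and the seq/ack derivation of step 4 in C: it parses a constructed IPv4/TCP packet carrying an HTTP GET (Ethernet header already stripped, checksums left zero) and returns the fields the RST|ACK would carry, without building or sending any packet; the struct and function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RST|ACK fields derived from an observed HTTP GET (host byte order). */
struct rst_fields {
    uint32_t src_ip, dst_ip;      /* swapped relative to the GET packet */
    uint16_t src_port, dst_port;  /* swapped relative to the GET packet */
    uint32_t seq, ack;
    int valid;                    /* 0 if not an IPv4/TCP packet whose payload starts with "GET " */
};

/* Big-endian field readers; avoid unaligned pointer casts into the packet. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Steps 3 and 4 of the page: parse IPv4+TCP (no Ethernet header), require a
 * "GET " payload, then seq = GET's ack, ack = GET's seq + payload_len. */
struct rst_fields derive_rst(const uint8_t *pkt, size_t len)
{
    struct rst_fields r = {0};
    if (len < 20 || (pkt[0] >> 4) != 4) return r;                 /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t ip_total_len = rd16(pkt + 2);
    if (pkt[9] != 6 || ihl < 20 || ip_total_len > len || ip_total_len < ihl + 20) return r;
    const uint8_t *tcp = pkt + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;
    if (thl < 20 || ihl + thl > ip_total_len) return r;
    size_t payload_len = ip_total_len - ihl - thl;                 /* as in the page's comment */
    if (payload_len < 4 || memcmp(tcp + thl, "GET ", 4) != 0) return r;
    r.src_ip   = rd32(pkt + 16);  r.dst_ip   = rd32(pkt + 12);     /* swap addresses */
    r.src_port = rd16(tcp + 2);   r.dst_port = rd16(tcp);          /* swap ports */
    r.seq = rd32(tcp + 8);                                         /* GET's ack number */
    r.ack = rd32(tcp + 4) + (uint32_t)payload_len;                 /* GET's seq + payload */
    r.valid = 1;
    return r;
}

/* Constructed sample: 10.0.0.5:49152 -> 203.0.113.9:80, seq 0x1000, ack 0xABCD,
 * PSH|ACK, carrying "GET / HTTP/1.1\r\n" (16 bytes). Checksums are zero. */
const uint8_t kSampleGet[] = {
    0x45,0x00,0x00,0x38, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x05, 0xcb,0x00,0x71,0x09,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x10,0x00, 0x00,0x00,0xab,0xcd,
    0x50,0x18,0x20,0x00, 0x00,0x00,0x00,0x00,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n'
};
```

For the sample above, derive_rst returns seq 0xABCD and ack 0x1010 (0x1000 + 16) with the addresses and ports swapped, which are exactly the values steps 4.3 to 4.5 call for.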