Intercepting data flow between 2 apps

[Richard Anderson]

Subject: Re: Making an app return false information [was: feeding false
anapp]
From: Richard Anderson <[email protected]>
Newsgroups: alt.hacker

| You mean that his chess server has necceserilly have a hostname except
| the standard ip address ?
Nope, that's the problem. If he doesn't I think you can't use the
"hosts"-file method

Well i checkes it out. It does not have a hostname, neither it gives you
the opportunity to change to which ip address tou ish to connect. He
programmed it in a way that an esoteric mechanism knows exaclty his
servers ip address to connect to. :|

That makes things even more difficult to overcome, but even more
challengable too!

| All data flow passes through the firewall before travels to the internet
| and then the chess server, so in this way why cant we use the personal
| firewall to capture all the traveling data before allow them to fly over
| the internet?
Because the firewall is not meant to be used for this job and that's
the reason why no such feature is included.

There must be some way though. Because the firewall is an intermediate
between apps and net all data flow pass through it and many times
especially Firewalls with Statefull Packet Inspection can check
incoming/outcoming data flow to mark it as dangerous if it matches
againast its trojan/worm/vulnerabality database against the firewalls
database for possible data flow danger. This feature is extremely
helpfull if a windows service that listens for communication in some port
is vulnerable, and not SP1 or SP2 installed by the user side, so the only
way the user is to be safe is by having a firewall thet blocks those in
danger services (if the user knows them of course) or even better have
the SPI personal firewall block it for him.

I gave this example to state that if the firewall can do such a thing
then of course can manage the bypassing data flow for an outgoing
connection!

Do you also agree with me?

But if yes then how we can take advanatge of that ?!?

**************************************************
The above was o thread i had in alt.hacker

My question is can a firewall intercept tha data flow between 2
applications, one running on localhost and one in an inetserver, so then
we can have the on a firewall log file and finally have the chance to
alter them?

Thank you!

 

[A. Sinan Unur]

My question is can a firewall intercept tha data flow between 2
applications, one running on localhost and one in an inetserver, so
then we can have the on a firewall log file and finally have the
chance to alter them?

*PLONK*

Sinan

 

[Jay Tilton]

[A long, meandering tale of firewalls.]

You have completely missed the point people were trying to make in the
other thread: you have not yet asked a perl question.

Once again: You have not yet asked a perl question.

A third time, because you seem terminally obtuse:
YOU HAVE NOT YET ASKED A PERL QUESTION.

After you have used the packet sniffer to intercept the IP traffic,
after you have analyzed the traffic to see what information is sent,
after you have determined how to craft your bogus information to send in
its place,

_then_ you might be ready to do some programming.

Until then, this is completely off-topic to clpm.

 

[Richard Anderson]

(e-mail address removed) (Jay Tilton) wrote in @news.erols.com:

[A long, meandering tale of firewalls.]

You have completely missed the point people were trying to make in the
other thread: you have not yet asked a perl question.

Once again: You have not yet asked a perl question.

A third time, because you seem terminally obtuse:
YOU HAVE NOT YET ASKED A PERL QUESTION.

After you have used the packet sniffer to intercept the IP traffic,
after you have analyzed the traffic to see what information is sent,
after you have determined how to craft your bogus information to send in
its place,

_then_ you might be ready to do some programming.

Until then, this is completely off-topic to clpm.

Sorry that was not intentional, in fact its not a perl question but its a
perl related somehow because after i intercept and nalyzes the ip traffic
then i have to alter the bogus info.

Tha would mean that i would have to opne the snifefrs specific log file
to alter its components as i want them to be and the resubmit the whole
damn thing in a perl manner way?

 

[A. Sinan Unur]

(e-mail address removed) (Jay Tilton) wrote in @news.erols.com:

[A long, meandering tale of firewalls.]

....

YOU HAVE NOT YET ASKED A PERL QUESTION.

....

Sorry that was not intentional, in fact its not a perl question but
its a perl related somehow because after i intercept and nalyzes the
ip traffic then i have to alter the bogus info.

Your question is off-topic until you have some Perl to post.

Tha would mean that i would have to opne the snifefrs specific log

Please do not post gibberish.

Sinan.

 

[Richard Anderson]

Your question is off-topic until you have some Perl to post.

OK, i'll perl post something as soon as i learn about perl socket
programming but is my idea fucntional?

I mean having the sniffers specific ip traffic logged in a.txt file and
then alter the info i want from it and then resubmitting it where it has to
go?

Is this the things that my perl prog is suppose to do?