basser Tux's lil' helper
Joined: 01 Sep 2003 Posts: 77 Location: Gera und Ilmenau - Thüringen - Deutschland
Posted: Sun Feb 29, 2004 9:13 am Post subject: Want my Server to react on special ICMP Packets
I know that it is possible to send a ping to my server that contains text. What I want is that my server waits for such a special ping from a specific IP address and then executes a command.
Is there any program out there that can do what I want, or has any of you written a script that works?

FuzzeX Tux's lil' helper
Joined: 08 Jan 2003 Posts: 96
Posted: Sun Feb 29, 2004 8:34 pm
It is possible using the netfilter string extension to select this special ping and, say, forward it somewhere: http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.18
There would still need to be some kind of program listening for this ping and then deciding what to do with it. Maybe something like a small python script that uses the SocketServer module? http://www.python.org/doc/2.3.3/lib/module-SocketServer.html
That's all I can think of, but maybe someone knows of something out of the can. I would argue that it would be more secure and easier in the long run to do remote command triggering through something like ssh. Although I don't know specifically what you're trying to accomplish, so I could be wrong.

basser Tux's lil' helper
Joined: 01 Sep 2003 Posts: 77 Location: Gera und Ilmenau - Thüringen - Deutschland
Posted: Mon Mar 01, 2004 10:11 am
Quote: That's all I can think of, but maybe someone knows of something out of the can. I would argue that it would be more secure and easier in the long run to do remote command triggering through something like ssh. Although I don't know specifically what you're trying to accomplish, so I could be wrong
What I want is to tell my server at a university to establish an ssh connection to me and forward some ports. Because of the firewall rules of the university I cannot access any port from my home, but I can ping my server. For security I want to encrypt the string I send and only allow me to connect to an IP using ssh.

basser Tux's lil' helper
Joined: 01 Sep 2003 Posts: 77 Location: Gera und Ilmenau - Thüringen - Deutschland
Posted: Mon Mar 01, 2004 12:10 pm
Is it possible to start just a simple program or script if a special ping reaches the server? I think it is too much to write a server for this simple problem.

FuzzeX Tux's lil' helper
Joined: 08 Jan 2003 Posts: 96
Posted: Mon Mar 01, 2004 9:05 pm
Okay, given what you've said, here is how I would attack this problem.
1. I would use iptables on the server to catch the "special ping" and forward it to some high port (it doesn't really matter which one).
2. I would write a script that would listen on that port for the "special ping", do whatever verification is necessary and then start the ssh forwards.
When I say server I really just mean a script that is always running in the background. Off the top of my head I couldn't make a guess at how complex this would be to write, but I would say in the 100-150 lines of code range as a random guess.
Another way to do this that is more kludgy would be to have iptables listen for the special ping and then log when it receives it. Then a simple script could watch for the log entry and then start the ssh forwards.
I personally would go the first way over the second just so I don't have to trust iptables that the ping it got really was the "special ping".

dma Guru
Joined: 31 Jan 2003 Posts: 437 Location: Charlotte, NC, USA
Posted: Tue Mar 02, 2004 4:40 am
So basically you are installing a rootkit on your own box.
Assuming your idiotic user-hating University doesn't catch on and firewall this TOO, you'll be able to hack a rootkit to do this I guess.
http://www.antiserver.it/Backdoor-Rootkit/
You could also make it respond to an email or something.
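
Seen from the network operator's side, a ping that carries text stands out because stock ping clients send predictable padding. The following is an added example, not code from any poster in this thread: it classifies captured IPv4 ICMP echo requests by payload. The baseline padding patterns (Windows `a..w` fill, Unix timeval followed by offset-valued bytes), the function names and the sample packets are assumptions constructed for illustration; extend the baselines for the clients on your own network.

```python
import struct
WINDOWS_FILL = b"abcdefghijklmnopqrstuvw"  # assumed baseline: Windows ping cycles a..w

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a valid ICMP message."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length input to whole 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def is_baseline_payload(payload: bytes) -> bool:
    """True when the payload looks like padding from a stock ping client."""
    if not payload or all(b == WINDOWS_FILL[i % 23] for i, b in enumerate(payload)):
        return True
    # Assumed baseline: Unix ping sends a timeval (8 or 16 bytes), then offset-valued bytes.
    for ts_len in (8, 16):
        tail = payload[ts_len:]
        if tail and all(b == ((ts_len + i) & 0xFF) for i, b in enumerate(tail)):
            return True
    return False

def inspect_echo(ip_packet: bytes):
    """Return (source IP, verdict) for an IPv4 ICMP echo request, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4 or ip_packet[9] != 1:
        return None
    icmp = ip_packet[(ip_packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] != 8:
        return None  # not an echo request
    src = ".".join(str(b) for b in ip_packet[12:16])
    if inet_checksum(icmp) != 0:
        return src, "bad-checksum"
    return src, "baseline" if is_baseline_payload(icmp[8:]) else "nonstandard-payload"

def build_echo(src: str, payload: bytes) -> bytes:
    """Constructed sample packet: IPv4 header plus ICMP echo request."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    return ip + icmp

# Constructed samples (documentation addresses, made-up payload text).
SAMPLES = [
    build_echo("198.51.100.7", bytes(16) + bytes(range(16, 56))),
    build_echo("198.51.100.8", b"abcdefghijklmnopqrstuvwabcdefghi"),
    build_echo("203.0.113.5", b"constructed trigger text"),
]
VERDICTS = [inspect_echo(p) for p in SAMPLES]
```
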

basser Tux's lil' helper
Joined: 01 Sep 2003 Posts: 77 Location: Gera und Ilmenau - Thüringen - Deutschland
Posted: Tue Mar 02, 2004 9:07 am Post subject: Thanks
Thanks for all your posts. I think they helped me a lot and I should be able to solve my problem.