Thanks! We would be happy to continue development of msfweb/msfgui if we find someone in the community to take it on. Funny enough, many of the "hardcore" users (module developers) were happy about the decision to deprecate the web and gui interfaces, but they tend to be console-mode purists anyways:) Sorry for the AC comment earlier, took a bit to find my credentials for this account.
There we go - found my real/. account -- the post above is my own, you can find open tickets in the Metasploit Redmine tracker for the msfweb/msfgui overhaul.
I am referring to dropping the packet on the subscriber side, not on the destination side. It should be an easy ACL to drop packets with the RST bit set when the TTL is greater than a certain threshold. If I wasn't lazy, I would go write the iptables rule for it now.
A quick solution is to just drop the RST's coming back with a TTL of 255 (something > 250 would work fine too). Unless they are sending a reset to the destination host as well, this is a quick-fix for anyone with a Linux or BSD firewall. Similar to how the Chinese firewall can be evaded.
Slashdot Mirror
Thanks! We would be happy to continue development of msfweb/msfgui if we find someone in the community to take it on. Funny enough, many of the "hardcore" users (module developers) were happy about the decision to deprecate the web and gui interfaces, but they tend to be console-mode purists anyways :) Sorry for the AC comment earlier, took a bit to find my credentials for this account.
There we go - found my real /. account -- the post above is my own, you can find open tickets in the Metasploit Redmine tracker for the msfweb/msfgui overhaul.
I am referring to dropping the packet on the subscriber side, not on the destination side. It should be an easy ACL to drop packets with the RST bit set when the TTL is greater than a certain threshold. If I wasn't lazy, I would go write the iptables rule for it now.
A quick solution is to just drop the RST's coming back with a TTL of 255 (something > 250 would work fine too). Unless they are sending a reset to the destination host as well, this is a quick-fix for anyone with a Linux or BSD firewall. Similar to how the Chinese firewall can be evaded.