Creating an IPTables Backdoor
Introduction For my project, I chose the ambitious goal of adding a backdoor to Linux’s iptables firewall. In order to do this, I had to delve deep into the Linux kernel and study the inner workings of the networking stack. Through my efforts, I was able to make iptables accept specially-crafted packets, even if the user-defined rules say otherwise. The Evil Bit In April 2003, the Internet Engineering Task Force published RFC3514, which defines a previously-unused bit of the IPv4 fragment offset field as the “evil bit” or security flag....