This file is indexed.

/usr/share/doc/netwox-doc/tools/79.html is in netwox-doc 5.39.0-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
<HTML>
 <HEAD>
 <TITLE>Tool 79: Acknowledge every TCP SYN</TITLE>
 </HEAD>
 <BODY BGCOLOR="#FFFFFF">
  <CENTER>   <H3>Tool 79: Acknowledge every TCP SYN</H3>
  </CENTER>

  <P><H3>Description:</H3>
   <PRE>
  This tool acknowledges every TCP-SYN. It is used to protect against
  scanning tools.
  For example, host 192.168.0.1 has a webserver on port 80. A scan will
  quickly find this open port. Dropping packets on other ports will slow
  the scan, but it will finally find port 80 open.
  This tool answers to TCP SYN (except for port 80), so from scanner
  viewpoint, all ports will be open. In this case, use netwox like this:
    netwox 79 --ips 192.168.0.1 --ports 1-79,81-65535
  Don't forget to DROP packets in kernel firewall, otherwise, scanner
  will see a SYN-ACK and a RST.
  Parameter --device indicates on which device to sniff. Please note
  that under some systems, such as Windows, sniffing on some devices is
  not supported.
  Parameter --filter defines the sniff filter. It permits to restrict
  captured packets. This kind of filter is named a BPF or pcap filter.
  Basic elements of a filter are:
    host 1.2.3.4
    net 192.168.10
    net 192.168.10.0 mask 255.255.255.0
    net 192.168.10.0/24
    port 21
    dst host 1.2.3.4
    src port 2345
    ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' is not working)
    ether src aa:bb:cc:dd:ee:ff
    ip
    arp
    rarp
    tcp
    icmp
    udp
  Here are filter examples:
    "host 1.2.3.4"
    "net 192.168 and icmp"
    "host 1.2.3.4 or dst port 80"
    "(udp or tcp) and not host 1.2.3.4"
  Parameter --spoofip indicates how to generate link layer for spoofing.
  Values 'best', 'link' or 'raw' are common choices for --spoofip. Here
  is the list of accepted values:
   - 'raw' means to spoof at IP4/IP6 level (it uses system IP stack). If
     a firewall is installed, or on some systems, this might not work.
   - 'linkf' means to spoof at link level (currently, only Ethernet is
     supported). The 'f' means to Fill source Ethernet address.
     However, if source IP address is spoofed, it might be impossible
     to Fill it. So, linkf will not work: use linkb or linkfb instead.
   - 'linkb' means to spoof at link level. The 'b' means to left a Blank
     source Ethernet address (0:0:0:0:0:0, do not try to Fill it).
   - 'linkfb' means to spoof at link level. The 'f' means to try to Fill
     source Ethernet address, but if it is not possible, it is left
     Blank.
   - 'rawlinkf' means to try 'raw', then try 'linkf'
   - 'rawlinkb' means to try 'raw', then try 'linkb'
   - 'rawlinkfb' means to try 'raw', then try 'linkfb'
   - 'linkfraw' means to try 'linkf', then try 'raw'
   - 'linkbraw' means to try 'linkb', then try 'raw'
   - 'linkfbraw' means to try 'linkfb', then try 'raw'
   - 'link' is an alias for 'linkfb'
   - 'rawlink' is an alias for 'rawlinkfb'
   - 'linkraw' is an alias for 'linkfbraw'
   - 'best' is an alias for 'linkraw'. It should work in all cases.
  
  This tool may need to be run with admin privilege in order to sniff
  and spoof.
   </PRE>

  <P><H3>Synonyms:</H3>
  &nbsp;&nbsp;firewall<BR>

  <P><H3>Usage:</H3>
  &nbsp;&nbsp;netwox 79 -i ips -p ports [-d device] [-f filter] [-s spoofip]<BR>

  <P><H3>Parameters:</H3>
<TABLE BORDER=1 CELLPADDING=4>
 <TR>
  <TD ALIGN=middle><I>parameter</I></TD>
  <TD ALIGN=middle><I>description</I></TD>
  <TD ALIGN=middle><I>example</I></TD>
 </TR>
 <TR><TD><TT>-i|--ips ips</TD>
<TD>only answer to these IP</TD>
<TD>all</TD></TR>
<TR><TD><TT>-p|--ports ports</TD>
<TD>only answer to these ports</TD>
<TD>all</TD></TR>
<TR><TD><TT>-d|--device device</TD>
<TD>device name</TD>
<TD>Eth0</TD></TR>
<TR><TD><TT>-f|--filter filter</TD>
<TD>pcap filter</TD>
<TD>&nbsp;</TD></TR>
<TR><TD><TT>-s|--spoofip spoofip</TD>
<TD>IP spoof initialization type</TD>
<TD>linkbraw </TD></TR>
</TABLE>

  <P><H3>Examples:</H3>
  &nbsp;&nbsp;netwox 79 -i "all" -p "all"<BR>
<BR>
  &nbsp;&nbsp;netwox 79 --ips "all" --ports "all"<BR>
<BR>
 </BODY>
 </HTML>