Harald Welte's blog

The modularity of iptables - or "ipt_SYSRQ"

One of the best early design choices of iptables was its support for plugin matches and plugin targets. Over the last five years, we have seen some 100 of such user-developed special-purpose plugins.

One that I find particularly funny is ipt_SYSRQ, a target module that allows you to issue the "magic sysreq" command via a network packet. This way you can sync, unmount and reboot a otherwise stuck machine that still responds to interrupts.

Obviously quite dangerous, but the author includes a time stamp and a cryptographic signature, so replay attacks can only occur in a very small time frame.

It's definitely a cool hack, although I'm not sure whether I'd want to put this on a production system or not.

Harald Welte's blog

	RSS Harald's Web gnumonks.org hmw-consulting.de sysmocom.de Projects OpenBSC OsmocomBB OsmocomTETRA deDECTed.org gpl-violations.org gpl-devices.org OpenMoko gnufiish OpenEZX OpenBeacon OpenPCD librfid openmrtd opentom.org netfilter/iptables Categories Root (1075) ccc (26) dect (2) electronics (19) gsm (124) osmocom-bb (7) knf (4) linux (697) a780 (39) conferences (127) cyberjack (4) gnuradio (5) gpl-violations (138) gspc (6) mobile (29) mrtd (35) netfilter (117) openmoko (52) opentom (7) samsung (1) via (23) misc (18) osmocom (9) personal (111) bollywood (17) taiwan (3) photography (9) politics (30) swpat (3) tetra (3) Archives 2012 (21) May (4) April (2) March (8) February (1) January (6) 2011 (47) December (2) November (3) October (3) September (3) August (1) July (5) June (9) May (5) April (6) March (3) February (2) January (5) 2010 (96) 2009 (146) 2008 (106) 2007 (53) 2006 (154) 2005 (248) 2004 (198) 2003 (5) 2002 (1) Other Bloggers David Burgess Zecke Dieter Spaar Michael Lauer Stefan Schmidt Rusty Russell David Miller Martin Pool Jeremy Kerr Tim Pritlove (German) fukami (German) fefe (German) Bradley M. Kuhn Lawrence Lessig Kalyan Varma Aggregators kernelplanet.org planet.netfilter.org planet.openezx.org planet.openmoko.org planet.foss.in identi.ca twitter flattr Linked in Xing Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License. Contact/Impressum	Thu, 27 Oct 2005 The modularity of iptables - or "ipt_SYSRQ" One of the best early design choices of iptables was its support for plugin matches and plugin targets. Over the last five years, we have seen some 100 of such user-developed special-purpose plugins. One that I find particularly funny is ipt_SYSRQ, a target module that allows you to issue the "magic sysreq" command via a network packet. This way you can sync, unmount and reboot a otherwise stuck machine that still responds to interrupts. Obviously quite dangerous, but the author includes a time stamp and a cryptographic signature, so replay attacks can only occur in a very small time frame. It's definitely a cool hack, although I'm not sure whether I'd want to put this on a production system or not. [ /linux/netfilter \| permanent link ]