MrDrMcCoy's questions

I have recently encountered some malicious TCP traffic that came in with a destination of port 80, and also with a source port of 80. This traffic is obviously invalid, and would be so for any application that I can think of, as the source port should be both random and in the ephemeral range. While dropping packets with source ports below the ephemeral range or with a source and destination port of 80 is easy enough, I would like to take this a step further and block ALL traffic where the source and destination ports are identical.

Is it possible to drop all packets with iptables where the source and destination ports are identical, without creating thousands of rules? If so, is it a good idea?

I'm building a script that will download and install a bunch of programs. One of those programs depends on a virtual driver, which needs its certificate to be imported in order to function. Normally, the installer does this for you in the GUI and just pops up a confirmation dialog asking if you trust this driver. However, that interruption is unacceptable for the script I'm writing.

I have found a way to export the certificate via the file properties GUI and can import that file with the script, thus allowing me to install without any user interaction. However, in order to deploy and fully automate this script, I need to also be able to export the certificate file from the installer via the script. Can this be done?

I have a large script that will be asking for a download directory and downloading a bunch of files into it. However, when I set the download filename string based on the directory string, they are both overwritten with the full filename string. Here's what I mean:

$dldir = 'c:\downloads'
$dlfile = $dldir += '\data.csv'

This results in both $dldir and $dlfile to be set to "c:\downloads\data.csv". Obviously, since I want to reuse $dldir to set $dlfile multiple times in the script, I don't want it to change. Does anyone know how to do this?

Thanks.