Filter or change tcp packets



Hello, I need to filter packets that are coming from a certain server (IP
address/port number). The server sends packets to my client program, but some of
those packets cause the client to crash (those packets are generated by other
server users because of a hole in the chat program). So I tried to configure
iptables to search the data section of TCP packets coming from that IP address,
and if it finds the "unwanted pattern that crashes the client", it should drop
the packets. I managed to do that, but it seems like it was a bad solution.
The problem is that when a packet from the server is dropped by iptables, my client
application stops working properly (I think it stops communication with the server
because of packet loss, but I am not sure). I read that when iptables drops a
packet it does not notify the sender about it. Does that mean that the sender
continues to send the same packet over and over again? (And because there is no
response from the client side they stop communicating.)
If that is true, is there any way to drop the packet and tell the server to send
the next one? Although I can see another problem there, because if that happens
the client side would have the wrong sequence number for the next packet? Does anyone have
an idea how I could solve this problem?
I also thought about changing the TCP packet data. Is there any way to do
something like this:
- when a packet arrives, the program (or iptables) searches for the pattern in its data
- if the pattern is found, the program (or iptables, but I doubt it has that feature)
  changes the data in the TCP packet, so that the "unwanted pattern that causes the buffer
  overflow" is removed from it
- the changed packet is forwarded to the client like nothing happened

I think this would solve my problem, but I know that I would have to write
this program myself, and it probably means some driver-level programming. Is
it possible to do something like this? Any links where I can read more about
it?

If anyone has a solution to this problem (with iptables, or by any other
means), or can give me any useful info on the subject, I would be very
thankful.
Thanks!

p.s. sorry for my bad English, it is not my main language.
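The search-and-rewrite steps listed in the post, done in user space instead of at driver level, as an added example that is not part of the original post: a local TCP proxy that the client connects to, which overwrites the pattern with same-length filler in the server-to-client stream and also catches a pattern split across two TCP segments. Because the proxy terminates both connections, no packet is dropped and no sequence numbers need fixing. The names `StreamScrubber`, `relay` and `serve`, the pattern `b"BADSEQ"` and the address `192.0.2.10:6667` are assumptions made for illustration.

```python
import socket
import threading

class StreamScrubber:
    """Blank out `pattern` in a TCP byte stream, even when it is split
    across two recv() chunks (i.e. across two TCP segments)."""

    def __init__(self, pattern: bytes, filler: bytes = b"?"):
        if not pattern or len(filler) != 1 or filler in pattern:
            raise ValueError("need a pattern and a 1-byte filler not in it")
        self.pattern = pattern
        self.blank = filler * len(pattern)  # same length as the pattern
        self.tail = b""                     # held-back partial match

    def feed(self, chunk: bytes) -> bytes:
        data = (self.tail + chunk).replace(self.pattern, self.blank)
        hold = 0
        # Hold back only a suffix that could be the start of the pattern.
        for n in range(min(len(self.pattern) - 1, len(data)), 0, -1):
            if data.endswith(self.pattern[:n]):
                hold = n
                break
        self.tail = data[len(data) - hold:]
        return data[:len(data) - hold]

    def flush(self) -> bytes:
        out, self.tail = self.tail, b""
        return out

def relay(src, dst, scrubber=None):
    """Copy src -> dst until EOF; scrub the stream if a scrubber is given."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(scrubber.feed(chunk) if scrubber else chunk)
        if scrubber:
            dst.sendall(scrubber.flush())
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer went away; the other direction ends on its own EOF

def serve(listen_port, server_addr, pattern):
    """Accept the local client and relay it to the real server."""
    with socket.create_server(("127.0.0.1", listen_port)) as lsock:
        while True:
            client, _ = lsock.accept()
            server = socket.create_connection(server_addr)
            up = (client, server)                            # client -> server
            down = (server, client, StreamScrubber(pattern)) # server -> client
            for args in (up, down):
                threading.Thread(target=relay, args=args, daemon=True).start()

if __name__ == "__main__":
    # Constructed placeholders: real server address and crash pattern go here.
    serve(6667, ("192.0.2.10", 6667), b"BADSEQ")
```

The client is pointed at 127.0.0.1 on the listen port instead of the real server. Bytes are held back only while they could be the start of the pattern, so ordinary traffic passes through without delay.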

