Hi all,

as recently discovered, with a simple port scan you can hijack some of the BitchX dcc connections. This is due to the port assigning on the requesting client. Here follows a really short patch that will fix the problem.

The problem is here: when BitchX creates a DCC connection (listening socket) it uses the function connect_by_number (defined in network.c file), passing 0 as the port. This means that the OS will determine the port. Now.. for mental order.. the ports will be quite consecutive. Bad.. Bad... So.. let's add a random value to the port returned by the system. All is now fixed.

Patch follows

-----------------------------------------------------------------------------------------
Regards
Alessio "NaiL^d0d@ircnet/ircity" Orlandi

Thanks to: hackers@ircity Litos (you are one of my best friends), Nervous, awgn (hehe), Lordfelix (salam), Raptor, BlackJam, kasko, antirez and hackers.it@ircnet Soren, NaiF, Bonjo
----------------------------------------------------------------------------------------

--- source/network.c +++ source/network.c 1998/7/20 08:56:44 @@ -21,7 +21,9 @@ #ifdef HAVE_SYS_FILIO_H #include <sys/filio.h> #endif +/* NaiL^d0d: no hijack please, we need random bytes, in stdlib.h */ +#include <stdlib.h> extern char hostname[NAME_LEN+1]; extern int use_socks; @@ -172,6 +172,7 @@ memset(&name, 0, sizeof(struct sockaddr_in)); name.sin_family = AF_INET; name.sin_addr.s_addr = htonl(INADDR_ANY); name.sin_port = htons(*portnum); +name.sin_port+=(unsigned short)(rand() &255); if (bind(fd, (struct sockaddr *)&name, sizeof(name)))
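
Review bot: In the second hunk, `name.sin_port+=(unsigned short)(rand() &255);` adds the offset after `htons(*portnum)`, so the arithmetic is done on a value already in network byte order: on a little-endian host the port moves in steps of 256 instead of by 0..255. The message says the DCC path passes 0 as the port, and this line runs before bind() has assigned anything, so the socket ends up on one of only 256 fixed ports, some of them below 1024 (all of them on a big-endian host), and an offset of 0 leaves the sequential OS-assigned port in place. The patch adds no srand() call, so unless the client seeds the generator elsewhere the rand() sequence repeats on every run. Suggest picking the port in host byte order from an unprivileged range with a stronger random source, applying htons() last, doing this only when `*portnum` is 0, and retrying when bind() reports the port in use.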
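
What the message is aiming for, a listening port that cannot be guessed from the previous one, written out as an added C example; it is not part of the posted patch or of BitchX. The names `pick_port`, `bind_random_port` and `random_bytes`, the 49152-65535 range and the use of `/dev/urandom` are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define PORT_LO 49152u  /* assumed range: dynamic/private ports, all unprivileged */
#define PORT_HI 65535u

/* Fill buf from the kernel RNG; returns 0 on success, -1 on failure. */
static int random_bytes(void *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Map a 32-bit random value onto [PORT_LO, PORT_HI], host byte order.
 * The range holds 16384 = 2^14 ports, so the modulo adds no bias. */
unsigned pick_port(uint32_t r)
{
    return PORT_LO + r % (PORT_HI - PORT_LO + 1);
}

/* Bind fd to a random port; returns the port in host order, or -1. */
int bind_random_port(int fd, int max_tries)
{
    struct sockaddr_in name;
    for (int i = 0; i < max_tries; i++) {
        uint32_t r;
        if (random_bytes(&r, sizeof r) != 0)
            return -1;
        unsigned port = pick_port(r);
        memset(&name, 0, sizeof name);
        name.sin_family = AF_INET;
        name.sin_addr.s_addr = htonl(INADDR_ANY);
        name.sin_port = htons((uint16_t)port);  /* byte-order conversion comes last */
        if (bind(fd, (struct sockaddr *)&name, sizeof name) == 0)
            return (int)port;
        if (errno != EADDRINUSE)                /* not a collision: give up */
            return -1;
    }
    return -1;                                  /* every candidate was in use */
}
```

A caller that gets -1 back should abort the DCC offer rather than fall back to port 0, since that would bring back the sequential assignment.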