On Sun, 18 Oct 1998, Alessio Orlandi wrote: # Hi all, # as recently discovered, with a simple port scan you can hijack some # of the BitchX dcc # connections. This due to the port assigning on the requesting client. # Here follows a really short patch that will fix the problem. The problem # is here: # BitchX when creates a DCC connection (listening socket) uses the # functions # connect_by_number (defined in network.c file). Passing as port 0 # This means that the OS will determine the port. Now.. for mental order.. # the ports will be quiet consecutive. Bad.. Bad... So.. let's add a # random value to the port returned by the system. All is now fixed. # Patch follows # ----------------------------------------------------------------------------------------- # # Regards # Alessio # "NaiL^d0d@ircnet/ircity" Orlandi # Thanks to: hackers@ircity Litos (you one of my best friend), Nervous, # awgn (hehe), # Lordfelix (salam), Raptor, # BlackJam, kasko, antirez # and hackers.it@ircnet Soren, NaiF, Bonjo # ---------------------------------------------------------------------------------------- # # # This patch won't work-- what if a port you decide on is already in use by something else? Ben
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:28 PDT