[dorqus maximus wrote]
| This oshare.c code may have crashed our Checkpoint Firewall-1, version 3.0b,
| Build Number: 3083. (Sun Sparc, Solaris 2.5.1)

Sending 10,000 (not really -- see below) of these `oshare` packets failed to do anything to the following machines:

OpenBSD 2.4
FreeBSD 3.0
Solaris 2.7
Linux 2.1.124 SMP
Windows 98

A cursory glance at the code reveals two noteworthy things:

1. There is no pause during packet injection. This results in a large amount of dropped packets. Your results will vary, but on my 100Mb ethernet, I saw about a 30% - 40% packet loss.

2. The packet is built inside a 40 byte buffer, yet is assigned a size of 44 bytes (and a header length of 44 bytes). The checksum is also computed across this phantom 44 byte size. When injecting into the network, however, only the original 40 bytes are written (anything larger, of course, would likely end up SIGSEGVing). The end result is a bad checksum on the other end.

Finally, in closing, allow me to shamelessly plug libnet. Again. Libnet, simply put, is a C library for portable packet creation. The above `exploit`, under libnet, can be rewritten portably in minutes. Beyond that (especially when combined with libpcap) it can be used to build powerful network applications without worrying about low-level packet interface nuances. Soon-to-be-released version .10 offers numerous bug and portability fixes, several new utility and packet building modules, as well as additions to the FreeBSD and OpenBSD Ports collection.

http://www.infonexus.com/~daemon9/Libnet

--
I live a world of paradox... My willingness to destroy is your chance for improvement, my hate is your faith -- my failure is your victory, a victory that won't last.
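An added illustration of the second point above, written for this archive page; it is not the poster's code, not oshare.c and not libnet. It shows the receiver side: the checks a stack or sniffer applies to an IPv4 header (captured length, version, IHL, then the RFC 1071 checksum over exactly IHL*4 bytes) and what they report when a sender summed 44 bytes but only 40 were on the wire. The header contents, the 192.0.2.x addresses, the protocol value and the four "phantom" bytes are constructed sample data; the names `in_cksum`, `verify_ipv4_header`, `build_header` and `demo_case` belong to this example and to no library.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RFC 1071 Internet checksum over len bytes; an odd trailing byte is
 * padded with a zero low byte. Over a header whose checksum field already
 * holds the correct value, the result is 0. */
static uint16_t in_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += (uint32_t)((buf[0] << 8) | buf[1]);
        buf += 2;
        len -= 2;
    }
    if (len == 1)
        sum += (uint32_t)buf[0] << 8;
    while (sum >> 16)                      /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

enum ip_check {
    IP_OK = 0,
    IP_TOO_SHORT,       /* fewer than 20 bytes arrived */
    IP_BAD_VERSION,
    IP_BAD_IHL,         /* IHL below the 20-byte minimum */
    IP_HDR_TRUNCATED,   /* IHL claims more header bytes than arrived */
    IP_BAD_CKSUM
};

/* Receiver-side checks in the order a stack or sniffer applies them:
 * enough bytes, version, IHL sanity, IHL against the captured length,
 * then the checksum over exactly IHL*4 bytes. */
static enum ip_check verify_ipv4_header(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20)              return IP_TOO_SHORT;
    if ((pkt[0] >> 4) != 4)       return IP_BAD_VERSION;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20)                return IP_BAD_IHL;
    if (hlen > caplen)            return IP_HDR_TRUNCATED;
    if (in_cksum(pkt, hlen) != 0) return IP_BAD_CKSUM;
    return IP_OK;
}

#define BUF_LEN 40      /* the sender's real buffer, as in the post */
#define PHANTOM 4       /* bytes the sender summed but never owned */

/* Constructed sample header. Bytes 0..39 are the sender's buffer; bytes
 * 40..43 stand in for whatever happened to lie past it in memory, so the
 * out-of-bounds sum of the original can be reproduced here without reading
 * out of bounds. claimed_hlen goes into IHL and total length; summed_len is
 * how many bytes the checksum is taken over. */
static void build_header(uint8_t out[BUF_LEN + PHANTOM],
                         size_t claimed_hlen, size_t summed_len)
{
    memset(out, 0, BUF_LEN + PHANTOM);
    out[0] = (uint8_t)(0x40 | (claimed_hlen / 4));   /* version 4, IHL */
    out[2] = (uint8_t)(claimed_hlen >> 8);           /* total length */
    out[3] = (uint8_t)(claimed_hlen & 0xff);
    out[8] = 64;                                     /* TTL */
    out[9] = 6;                                      /* protocol (sample value) */
    out[12] = 192; out[13] = 0; out[14] = 2; out[15] = 1;   /* src 192.0.2.1 */
    out[16] = 192; out[17] = 0; out[18] = 2; out[19] = 2;   /* dst 192.0.2.2 */
    /* bytes 20..39: option space, left zero; 40..43: phantom contents */
    out[40] = 0xde; out[41] = 0xad; out[42] = 0xbe; out[43] = 0xef;
    uint16_t ck = in_cksum(out, summed_len);         /* field is still 0 here */
    out[10] = (uint8_t)(ck >> 8);
    out[11] = (uint8_t)(ck & 0xff);
}

/* Build a header with the given claimed length and checksum span, then
 * verify it as the receiver sees it: only wire_len bytes arrived. */
static enum ip_check demo_case(size_t claimed_hlen, size_t summed_len,
                               size_t wire_len)
{
    uint8_t pkt[BUF_LEN + PHANTOM];
    build_header(pkt, claimed_hlen, summed_len);
    return verify_ipv4_header(pkt, wire_len);
}

int main(void)
{
    static const char *names[] = { "ok", "too short", "bad version",
                                   "bad ihl", "header truncated", "bad checksum" };
    /* correctly built 40-byte header, all 40 bytes on the wire */
    printf("hlen 40, summed 40, sent 40: %s\n", names[demo_case(40, 40, 40)]);
    /* the post's mismatch: header length 44, summed over 44, 40 bytes sent */
    printf("hlen 44, summed 44, sent 40: %s\n", names[demo_case(44, 44, 40)]);
    /* same checksum-span mistake on a correctly sized header */
    printf("hlen 40, summed 44, sent 40: %s\n", names[demo_case(40, 44, 40)]);
    return 0;
}
```

The second case is rejected before the checksum is even looked at, because the IHL promises 44 header bytes and only 40 arrived; the third case shows the checksum failing on its own once four bytes that never reached the wire were folded into the sum.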
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:31:29 PDT