Re: Analysis of "stacheldraht"

From: Dave Dittrich (dittrichat_private)
Date: Thu Feb 10 2000 - 14:04:18 PST


    The source code for "stacheldraht" was published on Packet Storm this
    week:
    	http://packetstorm.securify.com/distributed
    
    Below are the differences (which affect packet signatures and
    some minimal strings in the binary images) between the code that I
    analyzed and the current 4.0 release. (Hmm.  Jumping from 1.1 to 4.0
    because of #define changes.  Sounds like random works for Microsoft or
    Sun! ;)
    
    I will be updating the default values in the "dds" (and "gag") scanners
    as soon as possible to use these new defaults, and will add command
    line options to "dds" to switch them.  (I didn't do this earlier due to
    time constraints.)  Anyone who is doing packet level checks should be
    aware of these changed defaults (and that they can easily be changed
    further, so be aware of false negative results.)
    
    
    diff stacheldrahtV4/config.h reg-orig/config.h
    11,12c11
    < #define ID_SHELL  88	/* to bind a rootshell */
    < #define ID_ADDR  616    /* ip add request for the flood server */
    ---
    > #define ID_SHELL   1	/* to bind a rootshell */
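Review bot: the diff is run as `diff stacheldrahtV4/config.h reg-orig/config.h`, so the `<` lines here are the new 4.0 release and the `>` lines are the previously analyzed code (1.1, per the SERVVERSION hunk further down), the reverse of the usual old-to-new reading; anyone lifting values into signatures should take the `>` side as what existing rules already key on (ID_SHELL 1) and the `<` side as the new default to add (ID_SHELL 88, plus the new ID_ADDR 616 that replaces 699).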
    14,30c13,31
    < #define  ID_SETPRANGE 8008 /* set port range for synflood */
    < #define   ID_SETUSIZE 8009 /* set udp size */
    < #define   ID_SETISIZE 9010 /* set icmp size */
    < #define    ID_TIMESET 9011 /* set the flood time */
    < #define     ID_DIEREQ 6663 /* shutdown request of the masterserver */
    < #define   ID_DISTROIT 6662 /* distro request of the master server */
    < #define ID_REMMSERVER 5501 /* remove added masterserver */
    < #define ID_ADDMSERVER 5555 /* add new masterserver request */
    < #define SPOOF_REPLY 1016   /* spoof test reply of the master server
    < #define ID_TEST  6268      /* test of the master server */
    < #define ID_ICMP  1155  	   /* to icmp flood */
    < #define ID_SENDUDP 6	   /* to udp flood */
    < #define ID_SENDSYN 9	   /* to syn flood */
    < #define ID_SYNPORT 8	   /* to set port */
    < #define ID_STOPIT  3	   /* to stop flooding */
    < #define ID_SWITCH  5	   /* to switch spoofing mode */
    < #define ID_ACK     4	   /* for replies to the client */
    ---
    > #define ID_ADDR  699     /* ip add request for the flood server */
    >
    > #define  ID_SETPRANGE 2007 /* set port range for synflood */
    > #define   ID_SETUSIZE 2006 /* set udp size */
    > #define   ID_SETISIZE 2005 /* set icmp size */
    > #define    ID_TIMESET 2004 /* set the flood time */
    > #define     ID_DIEREQ 2003 /* shutdown request of the masterserver */
    > #define   ID_DISTROIT 2002 /* distro request of the master server */
    > #define ID_REMMSERVER 2001 /* remove added masterserver */
    > #define ID_ADDMSERVER 2000 /* add new masterserver request */
    > #define SPOOF_REPLY 1000   /* spoof test reply of the master server
    > #define ID_TEST  668       /* test of the master server */
    > #define ID_ICMP  1055  	   /* to icmp flood */
    > #define ID_SENDUDP 2	   /* to udp flood */
    > #define ID_SENDSYN 3	   /* to syn flood */
    > #define ID_SYNPORT 4	   /* to set port */
    > #define ID_STOPIT  5	   /* to stop flooding */
    > #define ID_SWITCH  6	   /* to switch spoofing mode */
    > #define ID_ACK     7	   /* for replies to the client */
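Review bot: the SPOOF_REPLY line (in both its `<` and `>` form) has no closing `*/`, so as printed the comment runs on and swallows the following `#define ID_TEST` line, which would leave ID_TEST undefined in both trees; more likely the long line was cut when pasted, but check the published config.h before keying any check on ID_TEST 668 or 6268.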
    Common subdirectories: stacheldrahtV4/leaf and reg-orig/leaf
    diff stacheldrahtV4/mserv.c reg-orig/mserv.c
    24c24
    < #define SALT "dRFWfIGlF0zrE\0"
    ---
    > #define SALT "zAHp635Fd0u/g\0"
    27c27
    < #define   MSERVERPORT 65512
    ---
    > #define   MSERVERPORT 16660
    29c29
    < #define   SERVVERSION "[*]stacheldraht[*] mserver version: 4.0\n"
    ---
    > #define   SERVVERSION "[*]stacheldraht[*] mserver version: 1.1\n"
    31,32c31,32
    < /* masterserver handles up to 6000 bcasts */
    < #define     MAXBCASTS 6000
    ---
    > /* masterserver handles up to 1000 bcasts */
    > #define     MAXBCASTS 1000
    34c34
    < #define BCASTFILENAME ".bc"
    ---
    > #define BCASTFILENAME "bcasts"
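Review bot: BCASTFILENAME changes from `bcasts` to the dotfile `.bc`, so a host-level check that looks for a `bcasts` file beside the mserv binary will miss the 4.0 layout; look for both names, and note that a leading-dot name does not show up in a plain `ls`.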
    36c36
    < #define LOCALIP "193.116.54.15"
    ---
    > #define LOCALIP "205.198.186.38"
    41c41
    < #define COMMANDPORT 65513
    ---
    > #define COMMANDPORT 65000
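Review bot: MSERVERPORT and COMMANDPORT move from 16660/65000 to the adjacent pair 65512/65513, so any port-based check needs both pairs; given the author's own warning that these defaults are easily changed again, a port hit should be treated as a lead to confirm against the SERVVERSION banner or binary strings, not as a verdict.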
    49c49
    < #define CURPROMPT "stacheldraht"
    ---
    > #define CURPROMPT "regulate"
    Common subdirectories: stacheldrahtV4/telnetc and reg-orig/telnetc
    
    
    --
    Dave Dittrich                 Client Services
    dittrichat_private   Computing & Communications
                                  University of Washington
    
    Dave Dittrich / dittrichat_private [PGP Key]: http://www.washington.edu/People/dad/
    
    PGP 6.5.1 key fingerprint:
    FE 97 0C 57 08 43 F3 EB  49 A1 0C D0 8E 0C D0 BE  C8 38 CC B5
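As an added example (not part of the post, nor of the dds/gag scanners), a small detector over constructed flow records that keys on both releases' mserv.c port defaults and on the SERVVERSION banner string; that the two ports are TCP listeners is an assumption, since the post does not name the transport.

```python
"""Flag traffic that matches the stacheldraht mserv defaults recorded in the diff.

Added example; not code from Dave Dittrich's post or from the dds/gag scanners.
Ports and banner come from the mserv.c hunks. That both ports are TCP listeners
is my assumption (the post does not name the transport); records are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# `>` side of the diff = the 1.1 code originally analyzed; `<` side = the 4.0 release.
DEFAULT_PORTS: Dict[int, str] = {
    16660: "1.1 MSERVERPORT", 65000: "1.1 COMMANDPORT",
    65512: "4.0 MSERVERPORT", 65513: "4.0 COMMANDPORT",
}
# SERVVERSION banner string; the version is captured so either release matches.
BANNER_RE = re.compile(r"\[\*\]stacheldraht\[\*\] mserver version: (\d+\.\d+)")
# Constructed record format: "<proto> <src>:<sport> -> <dst>:<dport> [payload text]"
FLOW_RE = re.compile(r"^(\w+)\s+\S+:\d+\s+->\s+\S+:(\d+)(?:\s+(.*))?$")


def classify(record: str) -> Optional[str]:
    """Return a verdict for one record, or None if nothing matches.

    A port hit is only a lead: the #defines can be changed before recompiling,
    which is why the post warns about false negatives. A banner hit is stronger.
    """
    m = FLOW_RE.match(record.strip())
    if not m:
        return None
    proto, dport, payload = m.group(1).lower(), int(m.group(2)), m.group(3) or ""
    banner = BANNER_RE.search(payload)
    if banner:
        return f"banner: mserver {banner.group(1)}"
    if proto == "tcp" and dport in DEFAULT_PORTS:
        return f"port: {DEFAULT_PORTS[dport]}"
    return None


def scan(records: List[str]) -> List[Tuple[str, str]]:
    """Return (record, verdict) for every record that matched."""
    return [(r.strip(), v) for r in records if (v := classify(r))]


# Constructed sample records (not real captures).
SAMPLE_RECORDS = [
    "tcp 10.0.0.5:40211 -> 10.0.0.9:16660",   # 1.1 handler port
    "tcp 10.0.0.7:40300 -> 10.0.0.9:65513",   # 4.0 client port
    "udp 10.0.0.5:5000 -> 10.0.0.9:65000",    # non-TCP, ignored under the TCP assumption
    "tcp 10.0.0.9:16660 -> 10.0.0.5:40211 [*]stacheldraht[*] mserver version: 4.0",
    "tcp 10.0.0.5:40000 -> 10.0.0.9:443",     # unrelated
]
```

Running `scan(SAMPLE_RECORDS)` yields three hits: the two port matches and the banner match.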
    