[8768] in bugtraq
Re: DCC HiJacking patch for BitchX 75p1
daemon@ATHENA.MIT.EDU (mikey)
Tue Dec 22 04:39:01 1998
Date: Tue, 22 Dec 1998 18:48:43 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: mikey <mikey@PHEDZ.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <362A2A77.3ECB8B4A@tin.it>
Yes, this might help. But why worry? they would need to port scan, and
find the port quicker than the other client can connect. Do you think they
can do this all the time? Or Barely ever? So this is not a problem, I
don't understand why anyone even got jumpy over it. I could do the same
with ftp, ftp opens ports waiting to recieve files. Do you see people
making patches for that?
On Sun, 18 Oct 1998, Alessio Orlandi wrote:
> Hi all,
> as recently discovered, with a simple port scan you can hijack some
> of the BitchX dcc
> connections. This due to the port assigning on the requesting client.
> Here follows a really short patch that will fix the problem. The problem
> is here:
> BitchX when creates a DCC connection (listening socket) uses the
> functions
> connect_by_number (defined in network.c file). Passing as port 0
> This means that the OS will determine the port. Now.. for mental order..
> the ports will be quiet consecutive. Bad.. Bad... So.. let's add a
> random value to the port returned by the system. All is now fixed.
> Patch follows
> -----------------------------------------------------------------------------------------
>
> Regards
> Alessio
> "NaiL^d0d@ircnet/ircity" Orlandi
> Thanks to: hackers@ircity Litos (you one of my best friend), Nervous,
> awgn (hehe),
> Lordfelix (salam), Raptor,
> BlackJam, kasko, antirez
> and hackers.it@ircnet Soren, NaiF, Bonjo
> ----------------------------------------------------------------------------------------
>
>
>
