[3564] in bugtraq
Re: BoS: Ping exploit program
daemon@ATHENA.MIT.EDU (Darren Reed)
Wed Oct 23 22:02:53 1996
Date: Thu, 24 Oct 1996 10:50:00 +1000
Reply-To: Darren Reed <darrenr@cyber.com.au>
From: Darren Reed <darrenr@cyber.com.au>
X-To: fenner@freefall.freebsd.org
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199610230444.VAA05389@freefall.freebsd.org> from "Bill Fenner" at Oct 22, 96 09:44:25 pm

In some mail I received from Bill Fenner, sie wrote
>
> Since some people don't necessarily have Windows '95 boxes lying around,
> I wrote the following exploit program. It requires a raw socket layer
> that doesn't mess with the packet, so BSD 4.3, SunOS and Solaris are out.
> It works fine on 4.4BSD systems. It should work on Linux if you compile
> with -DREALLY_RAW.
>
> Feel free to do with this what you want. Please use this tool only to test
> your own machines, and not to crash others'. Mike, would you put it up on
> your web page?
>
> Bill

Bill, I wrote a program called "ipsend" some time ago that I later split up
into iptest/ipsend/ipresend. iptest basically does lots of nasty things,
including attempting to send huge packets, etc. It does it using NIT/BPF
and DLPI - but I've only tested on Solaris/BSD/Linux.

If you want to have a look at it:

ftp://coombs.anu.edu.au/pub/net/misc/ipsend.tar.gz

To give you a brief of the other programs:

* ipresend takes a tcpdump binary dump/snoop binary dump
  or other input (such as textual descriptions of IP packets) and sends that
  out through the above;
* ipsend is a command line interface for sending a single packet or doing
  "stealth scanning";

Ideally, ipresend could be used with a known set of inputs which create a
set of nasty packets (that aren't covered in iptest) and you could use that
to test the rigidity of your IP stack after making any changes. iptest is
a quick and fixed implementation of a fixed number of tests.

Darren