[8647] in bugtraq

home help back first fref pref prev next nref lref last post

ipfwadm has pseudo-DoS ;)

daemon@ATHENA.MIT.EDU (Domas Mituzas)
Sat Nov 28 16:57:47 1998

Date: 	Sat, 28 Nov 1998 15:25:46 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Domas Mituzas <midom@PUB.OSF.LT>
To: BUGTRAQ@NETSPACE.ORG

ipfwadm delivered with all major Linux distributions doesn't know some new
kernel features (included into latest releases). One of them is ICMP
Masquerading. ipfwadm couldn't handle ICMP lines in
/proc/net/ip_masquerade therefore it brought "unexpected input data"
error not showing other records (that is TCP and UDP). Therefore if
someone want's that his connections were not seen by `ipfwadm -Ml` can
just ping one host and at the same time do what he wants. Of course the
operator can look into /proc/net directory, but it's difficult to read ip
addresses written in hex numbers... I've written a small fix to solve
this problem - I've just added ICMP Masquerading support to ipfwadm. Here
it is (you can get ipfwadm distribution from ftp.xos.nl/pub/linux/ipfwadm):

--- ipfwadm.c.orig      Tue Jul 30 14:54:22 1996
+++ ipfwadm.c   Sat Nov 28 16:20:53 1998
@@ -1134,6 +1134,9 @@
        else if (kind == IP_FW_F_UDP &&
                        (service = getservbyport(htons(port), "udp")) != NULL)
                return service->s_name;
+       else if (kind == IP_FW_F_ICMP &&
+                       (service = getservbyport(htons(port), "icmp")) != NULL)
+               return service->s_name;
        else
                return (char *) NULL;
 }
@@ -1571,6 +1574,9 @@
        case IP_FW_F_UDP:
                fprintf(fp, "%-5s", "udp");
                break;
+       case IP_FW_F_ICMP:
+               fprintf(fp, "%-5s", "icmp");
+               break;
        }

        sec100s = ms->expires % HZ;
@@ -1668,9 +1674,10 @@
                        ms->kind = IP_FW_F_TCP;
                else if (strcmp("UDP", buf) == 0)
                        ms->kind = IP_FW_F_UDP;
+               else if (strcmp("ICMP", buf) == 0)
+                       ms->kind = IP_FW_F_ICMP;
                else
                        exit_error(1, "unexpected input data");
-
                /* we always keep these addresses in network byte order */
                ms->src.s_addr = (__u32) htonl(temp[0]);
                ms->dst.s_addr = (__u32) htonl(temp[1]);
--
Domas Mituzas
School of New Communications. Linux department.
Now I'm pregnant... X-Ray proves - it's a penguin again!

home help back first fref pref prev next nref lref last post