[9264] in bugtraq
Re: Win98 Crash?
daemon@ATHENA.MIT.EDU (route@RESENTMENT.INFONEXUS.COM)
Wed Jan 27 17:28:21 1999
Date: Tue, 26 Jan 1999 13:41:36 -0800
Reply-To: route@RESENTMENT.INFONEXUS.COM
From: route@RESENTMENT.INFONEXUS.COM
X-To: dorqus@FREEK.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990125143154.D3004@freek.com> from "dorqus maximus" at Jan 25, 99 02:31:54 pm
[dorqus maximus wrote]
|
| This oshare.c code may have crashed our Checkpoint Firewall-1, version 3.0b,
| Build Number: 3083. (Sun Sparc, Solaris 2.5.1)
Sending 10,000 (not really -- see below) of these `oshare` packets failed
to do anything to the following machines:
OpenBSD 2.4
FreeBSD 3.0
Solaris 2.7
Linux 2.1.124 SMP
Windows 98
A cursory glance at the code reveals two noteworthy things:
1. There is no pause during packet injection. This results in a large
amount of dropped packets. Your results will vary, but on my 100Mb
ethernet, I saw about a 30% - 40% packet loss.
2. The packet is built inside a 40 byte buffer, yet is assigned a size
of 44 bytes (and a header length of 44 bytes). The checksum is also
computed across this phantom 44 byte size. When injecting into the
network, however, only the original 40 bytes are written (anything
larger, of course, would likely end up SIGSEGVing). The end result is
a bad checksum on the other end.
Finally, in closing, allow me to shamelessly plug libnet. Again. Libnet,
simply put, is a C library for portable packet creation. The above
`exploit`, under libnet, can be rewritten portably in minutes. Beyond that
(especially when combined with libpcap) it can be used to build powerful
network applications without worrying about low-level packet interface
nuances. The soon-to-be-released version .10 offers numerous bug and
portability fixes, several new utility and packet building modules, as
well as additions to the FreeBSD and OpenBSD Ports collection.
http://www.infonexus.com/~daemon9/Libnet
--
I live a world of paradox... My willingness to destroy is your chance for
improvement, my hate is your faith -- my failure is your victory, a victory
that won't last.
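As an added illustration of point 2 above (not code from this post, from oshare.c, or from libnet), the following receiver-side sanity check shows why a header built in a 40-byte buffer but declared as 44 bytes arrives with a "bad checksum": the IP header length and total length fields promise more bytes than were actually written to the wire, and the checksum was computed over bytes that never left the sender. The function names (`validate_ipv4`, `build_good_packet`, `build_mismatched_packet`, the `sample_*` helpers) and the sample packets, addresses in the 192.0.2.0/24 documentation range, are all constructed here for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes returned by validate_ipv4() (names chosen for this example). */
enum ip_check {
    IP_OK = 0,
    IP_ERR_SHORT = 1,      /* fewer than 20 bytes captured */
    IP_ERR_VERSION = 2,    /* version nibble is not 4 */
    IP_ERR_IHL = 3,        /* header length below 20 bytes or above total length */
    IP_ERR_HDR_TRUNC = 4,  /* declared header length exceeds bytes on the wire */
    IP_ERR_LEN_TRUNC = 5,  /* declared total length exceeds bytes on the wire */
    IP_ERR_CKSUM = 6       /* header checksum does not verify */
};

/* RFC 1071 one's-complement checksum over len bytes (big-endian 16-bit words). */
uint16_t ip_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((data[i] << 8) | data[i + 1]);
    if (len & 1)                       /* odd trailing byte is padded with zero */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)                  /* fold carries back into the low 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Check that the IPv4 header is self-consistent with the bytes actually
   captured. The length checks come first: a checksum can only be verified
   over bytes that really arrived. */
int validate_ipv4(const uint8_t *pkt, size_t captured)
{
    size_t ihl, tot_len;
    if (captured < 20) return IP_ERR_SHORT;
    if ((pkt[0] >> 4) != 4) return IP_ERR_VERSION;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20) return IP_ERR_IHL;
    if (ihl > captured) return IP_ERR_HDR_TRUNC;
    tot_len = (size_t)((pkt[2] << 8) | pkt[3]);
    if (tot_len < ihl) return IP_ERR_IHL;
    if (tot_len > captured) return IP_ERR_LEN_TRUNC;
    /* Summing the header including its checksum field yields zero when valid. */
    if (ip_checksum(pkt, ihl) != 0) return IP_ERR_CKSUM;
    return IP_OK;
}

/* Constructed sample: a well-formed 20-byte header for a 40-byte packet. */
size_t build_good_packet(uint8_t *buf /* at least 40 bytes */)
{
    uint16_t ck;
    memset(buf, 0, 40);
    buf[0] = 0x45;                 /* version 4, IHL 5 (20 bytes) */
    buf[2] = 0x00; buf[3] = 40;    /* total length 40 */
    buf[8] = 64;                   /* TTL */
    buf[9] = 6;                    /* protocol: TCP */
    buf[12] = 192; buf[13] = 0; buf[14] = 2; buf[15] = 1;   /* 192.0.2.1 */
    buf[16] = 192; buf[17] = 0; buf[18] = 2; buf[19] = 2;   /* 192.0.2.2 */
    ck = ip_checksum(buf, 20);
    buf[10] = (uint8_t)(ck >> 8); buf[11] = (uint8_t)(ck & 0xff);
    return 40;
}

/* Constructed sample mirroring the mismatch described in the post: the header
   is declared as 44 bytes (IHL 11, total length 44) and checksummed over 44
   bytes of a staging area, but only 40 bytes are copied out "to the wire". */
size_t build_mismatched_packet(uint8_t *out /* at least 40 bytes */)
{
    uint8_t staging[44];
    uint16_t ck;
    memset(staging, 0, sizeof staging);
    staging[0] = 0x4b;                     /* version 4, IHL 11 (44 bytes) */
    staging[2] = 0x00; staging[3] = 44;    /* total length 44 */
    staging[8] = 64; staging[9] = 6;
    staging[12] = 192; staging[13] = 0; staging[14] = 2; staging[15] = 1;
    staging[16] = 192; staging[17] = 0; staging[18] = 2; staging[19] = 2;
    ck = ip_checksum(staging, 44);         /* covers 4 bytes that are never sent */
    staging[10] = (uint8_t)(ck >> 8); staging[11] = (uint8_t)(ck & 0xff);
    memcpy(out, staging, 40);              /* only the first 40 bytes go out */
    return 40;
}

/* Helpers returning the validator's verdict for each constructed sample. */
int sample_good_result(void)
{
    uint8_t b[64]; size_t n = build_good_packet(b);
    return validate_ipv4(b, n);            /* IP_OK */
}
int sample_mismatch_result(void)
{
    uint8_t b[64]; size_t n = build_mismatched_packet(b);
    return validate_ipv4(b, n);            /* IP_ERR_HDR_TRUNC */
}
int sample_corrupt_result(void)
{
    uint8_t b[64]; size_t n = build_good_packet(b);
    b[8] = 63;                             /* TTL altered after checksumming */
    return validate_ipv4(b, n);            /* IP_ERR_CKSUM */
}

int main(void)
{
    printf("good=%d mismatch=%d corrupt=%d\n",
           sample_good_result(), sample_mismatch_result(), sample_corrupt_result());
    return 0;
}
```

Run against a capture, the length checks fire before the checksum is even computed, which is the usual reason such a packet shows up as "bad checksum" or "truncated" in a sniffer rather than reaching the target stack's parser at all.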