[2785] in bugtraq
nuke
daemon@ATHENA.MIT.EDU (*Hobbit*)
Mon Jun 24 03:05:42 1996
Date: Fri, 21 Jun 1996 17:23:55 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: *Hobbit* <hobbit@avian.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
All I did to "nuke" was throw in the redirect stuff, and later made it so
one can do "-s srcaddr" which is pretty much needed for redirects to work
at all against a real TCP stack. The code to handle -s depends on binding to
an extant interface address a la netcat, which is lame and as a result I don't
believe -s is in the current "nnuke" at all.
The right way is to fire a completed packet out a RAW/IP_HDRINCL socket so you
can give it an arbitrary source address, but I never actually had the time
to get this working [as opposed to simply crashing the machine]. Anyone else
have something similar working to offer as an example?
Why the people running IRC servers are allowing "their-own-net" spoofed
packets in at all I can't imagine, but last time I checked many of them
were. If it's any comfort regarding actual IRC sessions, the server code does
a setsockopt to flush IP options, so you can get an established *connection*
via source routing but then it won't actually talk to you. The bytes you send
pile up in the send-q buffer, visible via netstat. Tcpd does the same thing,
and rlogind/rshd, etc, all for the obvious reason...
_H*
