[2795] in bugtraq
Re: nuke
daemon@ATHENA.MIT.EDU (Vadim Kolontsov)
Mon Jun 24 13:33:19 1996
Date: Mon, 24 Jun 1996 16:44:30 +0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Vadim Kolontsov <vadim@tversu.ac.ru>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606212123.RAA09399@narq.avian.org>
On Fri, 21 Jun 1996, *Hobbit* wrote:
> The right way is to fire a completed packet out a RAW/IP_HDRINCL socket so you
> can give it an arbitrary source address, but I never actually had the time
> to get this working [as opposed to simply crashing the machine]. Anyone else
> have something similar working to offer as an example?
Some times ago I wrote this version of nuke (called Nuke-II). My
variant of this program can send ICMP_UNREACH-packets with arbitrary source
address (using raw-socket/ip_hdrincl) - I wanted to check if FreeBSD
(which we use) can be fooled that way. Nuke-II was never distributed (yet :)
But FBSD simpy drops all ICMP_UNREACH-packets, if TCP/IP-connection
already established, so you can't nuke fbsd mashine. For details, see
kernel sources (/usr/src/sys/netinet/tcp_subr.c, tcp_notify() - for FreeBSD
2.1.0-RELEASE)
Best regards, Vadim.
----------------------------------------------------------------------------
Vadim Kolontsov Internet: vadim@tversu.ac.ru
System Administrator / Programmer Fidonet: 2:5020/118.63
The Regional Center of New Information Technologies / Computer Networks Lab
