Home page logo
/

bugtraq logo Bugtraq mailing list archives

ip header id patched.
From: awgn () COSMOS IT (awgn () COSMOS IT)
Date: Sat, 19 Dec 1998 20:53:26 +0100


As recently discovered, there's the way to make a sweep of ports-check
hiding the ip source.
The matter comes while ip_output.c ( in linux kernel 2.0.x ), forges and
queues
packets, using a simple ID increment.
This gives the chance to guess how many packets were sent, and as
explained
in paper about the ip header id (
http://www.geek-girl.com/bugtraq/1998_4/0609.html ),
the opportunity of ip abusing in portscanning.
To change the fixed unary step in a random one, seems to be a good fix.

Happy kernel hacking. :-)
------------------------------------------------------------------------------
--- ip_output.c.  Fri Apr 17 16:42:38 1998
+++ ip_outout.c.patched   Fri Apr 17 17:17:15 1998
@@ -32,2 +32,3 @@
  *     Juan-Mariano de Goyeneche       traffic generated locally.
- */
+ *     awgn roofing:                   to prevent _ip abuse_ as third in hscan.
+ */
@@ -42,4 +42,5 @@
 #include <linux/errno.h>
 #include <linux/config.h>
+#include <linux/random.h>

 #include <linux/socket.h>
@@ -451,3 +451,4 @@
 {
+       u_char rand_step;
        unsigned int tot_len;
        struct iphdr *iph;
@@ -485,3 +485,5 @@
                case 1:
                        iph->id = htons(ip_id_count++);
+                       (void) get_random_bytes(&rand_step,1);
+                       ip_id_count += ( rand_step & 0x0f );
        }
@@ -637,3 +637,4 @@
 {
+       u_char rand_step;
        struct rtable *rt;
        unsigned int fraglen, maxfraglen, fragheaderlen;
@@ -754,4 +754,6 @@
                        iph->id=htons(ip_id_count++);
+                       (void) get_random_bytes(&rand_step,1);
+                       ip_id_count += ( rand_step & 0x0f );
                        iph->frag_off = 0;
                        iph->ttl=sk->ip_ttl;
                        iph->protocol=type;
-------------------------------------------------------------------------

awgn () cosmos it  [ we're working to make dyndns alive, again! ]

meet us:        #hackers () IRCity org



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]