From: Walter Goralski
To: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org
Subject: Generating SYN packets.
Date: Fri, 9 Mar 2001 08:03:58 -0800

Folks:

Andreas Klemm, who ported cflowd to FreeBSD, suggested I use this vehicle to see if I could get some help.

I am a course developer for Juniper Networks, and I have just written a 2-day advanced course on router firewall filters (this is one reason for the cflowd). We have participants in a strictly closed lab environment configuring filters to stop spoofs, smurf, fraggle, etc. In order to show they work, we also have a 4.2 FreeBSD laptop that can launch smurf, fraggle, etc. at the routers and the instructor's PC.

The missing piece has been DOS SYN attacks. I have the really common "synk4.c" source that is all over the Web, but I get errors when I try to compile it ("it's the linux includes" someone told me). Now, I last used my C programming skills in the 80s on a Silent 700 teletype and a 3B20 mini, so I tried playing around with "programming by analogy" (hey, it sometimes works). I took fraggle.c and tried to substitute a tcp header for the udp header. Anyway, the compiler tells me there is a syntax error in tcp.h (right before the "n_long"), which strikes me as odd. Then it says I am using an "incomplete type" and dereferences all of my pointers.
Sometimes I can force a compile and link, but none of my parameters get plugged into the packets when I use it.

So: anybody got a quick and dirty SYN packet generator out there? A version of synk4 that runs on 4.2? An executable?

I even tried to install hping2 from the FreeBSD ports collection, but of course *that* won't run either. (It says my ep0 interface is not defined (!) and seems to try to use lo.) If I use "make install," I get these run time errors; if I use "./configure" and then "make" I get compile errors, also about "overlapping" includes. (***Are my include files all screwed up?*** How could I tell?)

But the cflowd and RADIUS servers, also installed a couple of weeks ago from these ports, run merrily along, so the basic system seems to be intact. I don't think my programming efforts have scrammed the system (and I don't have the cd-rom, since it's a company laptop), but I am very worried that I have somehow harmed the .h files.

Meanwhile, I'm re-learning BSD socket coding. But this might be faster if anyone can help.

(As a note, if anyone out there works for Juniper, I can configure remote access to the laptop if required.)

Walter Goralski
walterg@juniper.net
952-938-4483