From owner-freebsd-security Mon Apr 19 11:28:29 1999 Delivered-To: freebsd-security@freebsd.org Received: from kinetic.tiora.net (kinetic.tiora.net [206.251.130.15]) by hub.freebsd.org (Postfix) with ESMTP id 3BC541523C for ; Mon, 19 Apr 1999 11:28:21 -0700 (PDT) (envelope-from liam@kinetic.tiora.net) Received: from localhost (liam@localhost) by kinetic.tiora.net (8.9.3/8.9.3) with ESMTP id LAA00011 for ; Mon, 19 Apr 1999 11:24:59 -0700 (PDT) Date: Mon, 19 Apr 1999 11:24:59 -0700 (PDT) From: Liam Slusser To: security@FreeBSD.ORG Subject: Re: poink attack (was Re: ARP problem in Windows9X/NT) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In a earlier email Chris said his fbsd 3.x was affected...and also said arp errors in /var/log/messages in 2.2.5....but this looks like a WinNT/9x DoS from the geek-girl report here. Is fbsd affected..and if so..what versions? Thanks! ;) liam System Administrator Tiora Networks | www.tiora.net <---- tiora's webpage www.tiora.net/~liam <----- homepage | liam@tiora.net <-- my email address Lowered turbo powered Honda Civic's are really cool. <---------- my quote On Mon, 19 Apr 1999, Daniel Hagan wrote: > I don't have time to find the archive URL for this post right now, but > this should give people something to work with. The header to the code > has a URL reference to another (originating ?) article. > > Daniel > > -- > Daniel Hagan > Computer Systems Engineer > dhagan@cs.vt.edu > > ---------- Forwarded message ---------- > Date: Tue, 13 Apr 1999 11:25:34 -0700 > From: route@RESENTMENT.INFONEXUS.COM > To: BUGTRAQ@NETSPACE.ORG > Subject: Re: ARP problem in Windows9X/NT > > [kay wrote] > | > | Could you be more specific with those XX-fields ? > > The source ethernet address appears to be arbitrary. The destination > ethernet address needs to be either the address of the target host, or > a broadcast address. > > | I started writing that proggie with plain syscalls, but it would only run > | on Linux, so I modified one of the examples in Route's Libnet 0.9 to do > | the stuff. I haven't tested it yes since I don't have LAN at home... > > Didn't test your code. Rolled my from the same libnet example, and it > does work against NT and 95/98. > > | For those who are still wondering what the hell Libnet is: check out > | http://www.infonexus.com/~demon9 > > My site has moved temporarily to http://lazy.accessus.net/~route. > Libnet is hosted there for the time being > (http://lazy.accessus.net/~route/Libnet) but will move to > http://www.packetfactory.net when I get that site up. > > For those of you who don't know, Libnet is a library for portable > injection. It is the `libpwrite` analog to libpcap. I suppose this is > as good a time as any to announce the release of version 0.99 which adds > a lot of new functionality and fixes a few bugs. > > Oh yah. Here's poink. Poink-poink! > > /* > * $Id$ > * > * poink.c - NT/9x DOS attack > * > * Code: > * Copyright (c) 1999 Mike D. Schiffman > * route|daemon9 > * All rights reserved. > * > * Original Idea: > * Joel Jacobson (joel@mobila.cx) > * > * This simple exploit was written as per the specification from Joel > * Jacobson's bugtraq post (http://geek-girl.com/bugtraq/1999_1/1299.html). > * > * Needs libnet 0.99. > * Currently: http://lazy.accessus.net/~route/libnet > * Soon: http://www.packetfactory.net/ > * > * gcc poink.c -o poink -lnet > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions > * are met: > * 1. Redistributions of source code must retain the above copyright > * notice, this list of conditions and the following disclaimer. > * 2. Redistributions in binary form must reproduce the above copyright > * notice, this list of conditions and the following disclaimer in the > * documentation and/or other materials provided with the distribution. > * > * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND > * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE > * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL > * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT > * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY > * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > * SUCH DAMAGE. > * > */ > > [ Source program cut, see geek-girl.com for archive ] > > -- > I live a world of paradox... My willingness to destroy is your chance for > improvement, my hate is your faith -- my failure is your victory, a victory > that won't last. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message