Bugtraq mailing list archives

Re: BoS: Ping exploit program


From: darrenr () cyber com au (Darren Reed)
Date: Thu, 24 Oct 1996 10:50:00 +1000


In some mail I received from Bill Fenner, sie wrote

> Since some people don't necessarily have Windows '95 boxes lying around,
> I wrote the following exploit program.  It requires a raw socket layer
> that doesn't mess with the packet, so BSD 4.3, SunOS and Solaris are out.
> It works fine on 4.4BSD systems.  It should work on Linux if you compile
> with -DREALLY_RAW.
>
> Feel free to do with this what you want.  Please use this tool only to test
> your own machines, and not to crash others'.  Mike, would you put it up on
> your web page?
>
>   Bill

Bill, I wrote a program called "ipsend" some time ago that I later split up
into iptest/ipsend/ipresend.  iptest basically does lots of nasty things,
including attempting to send huge packets, etc.  It does it using NIT/BPF
and DLPI - but I've only tested on Solaris/BSD/Linux.

If you want to have a look at it:

ftp://coombs.anu.edu.au/pub/net/misc/ipsend.tar.gz

To give you a brief of the other programs:
* ipresend takes a tcpdump binary dump/snoop binary dump
  or other input (such as textual descriptions of IP packets) and sends that
  out through the above;
* ipsend is a command line interface for sending a single packet or doing
  "stealth scanning";

Ideally, ipresend could be used with a known set of inputs which create a
set of nasty packets (that aren't covered in iptest) and you could use that
to test the rigidity of your IP stack after making any changes.  iptest is
a quick and fixed implementation of a fixed number of tests.

Darren


