Juggernaut 1.1 patch
From: route () RESENTMENT INFONEXUS COM (G P R)
Date: Tue, 15 Apr 1997 10:51:05 -0700
-----BEGIN PGP SIGNED MESSAGE-----

Ok. Juggernaut goes out, and the bug reports roll in. I am sure this is probably just the first of several updates, but I wanted to get this out ASAP. As always, comments appreciated.

Fixed in the 1.1 patchfile:
Connection spying now correctly isolates TCP circuits
Connection RSTing now resets better.
The interface drops the promiscuous mode flag upon exiting

Thanks to Sandu Mihai and techs () obfuscation org.

To patch the source files:
cd Juggernaut
extract filename_containing_patch
make clean
patch < juggernaut1.0-1.1.patch
make

If the patch fails:
If the patch fails when patching net.c, it is because the extraction utility adds about 10 CR's starting around line 280. Simply find the closing paren 10 lines down and bring it up to the end of the first fprintf line so it looks something like this:

if(fp){
fprintf(fp,"\n-- [....] ,ntohs(target->dport));
time(&tp);
^^ this guy goes here.

If this fails, either patch it by hand (it's really not that much) or mail me and I will send you the updated source file.

- route [4.15.97]

<++> juggernaut1.0-1.1.patch
- --- main.c.old Tue Apr 15 10:08:05 1997
+++ NumberOneCrush/main.c Tue Apr 15 10:09:06 1997
@@ -42,7 +42,7 @@
#define DEVICE "eth0"
#define LOGFILE "./juggernaut.log.spy"
- -char version[]="1.0\0";
+char version[]="1.1\0";
int sigsentry=1; /* Signal sentry */
int ripsock=0; /* RIP socket */
int linksock=0; /* SOCK PACKET socket */
- --- net.c Tue Apr 15 10:30:47 1997
+++ NumberOneCrush/net.c Tue Apr 15 10:31:48 1997
@@ -92,13 +92,14 @@
* mode.
*/
- -int tap(device)
+int tap(device,mode)
char *device;
+int mode;
{
int fd;
struct ifreq ifr; /* Link-layer interface request structure */
- - /* Ethernet code for IP 0x800==ETH_P_IP */
+ /* Ethernet code for IP 0x0800==ETH_P_IP */
if((fd=socket(AF_INET,SOCK_PACKET,htons(ETH_P_IP)))<0){
if(verbosity)perror("(tap) SOCK_PACKET allocation problems [fatal]");
exit(1);
@@ -109,16 +110,22 @@
close(fd);
exit(1);
}
- - ifr.ifr_flags|=IFF_PROMISC; /* Set promiscuous mode */
+ if(!mode)ifr.ifr_flags^=IFF_PROMISC; /* Unset promiscuous mode */
+ else ifr.ifr_flags|=IFF_PROMISC; /* Set promiscuous mode */
if((ioctl(fd,SIOCSIFFLAGS,&ifr))<0){ /* Set flags */
- - if(verbosity)perror("(tap) Can't set promiscuous mode [fatal]");
+ if(verbosity)perror("(tap) Can't set/unset promiscuous mode [fatal]");
close(fd);
exit(1);
}
- - return(fd);
+ if(!mode){
+ close(fd);
+ return(0);
+ }
+ else return(fd);
}
+
/*
* Gimme a raw-IP socket. Use of IP_HDRINCL is automatic with 2.0.x
* kernels. Not sure about 1.2.x
@@ -261,7 +268,7 @@
void dumpp(char *,int,FILE *);
extern int sigsentry;
- - int tlinksock=tap(DEVICE); /* Spying tap. XXX- Really dumb way to do this... */
+ int tlinksock=tap(DEVICE,1); /* Spying tap. XXX- Really dumb way to do this... */
time_t tp;
ALIGNNETPOINTERS();
@@ -273,7 +280,7 @@
fprintf(fp,": Log started:\t\t%s---------------------------------------------------------------------\n",ctime(&tp));
}
/* NO alaram timeout here. SIGINT kills our spy session */
- - while(sigsentry)if(recv(tlinksock,&epack,sizeof(epack),0))if(iphp->protocol==IPPROTO_TCP)if(iphp->saddr==target->daddr&&tcphp->source==target->dport)dumpp(epack.payload-2,htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epack.tcp),fp);
+ while(sigsentry)if(recv(tlinksock,&epack,sizeof(epack),0))if(iphp->protocol==IPPROTO_TCP)if(iphp->saddr==target->daddr && iphp->saddr==target->daddr && tcphp->dest==target->sport)dumpp(epack.payload-2,htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epack.tcp),fp);
if(fp){
fprintf(fp,"\n---------------------------------------------------------------------\n: Juggernaut connection spy log trailer\n: %s [%d]\t-->\t %s [%d]\n",hostLookup(target->saddr),ntohs(target->sport),hostLookup(target->daddr),ntohs(target->dport));
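Review bot: The new `mode` argument to tap() is undocumented, and its contract is not obvious: with a nonzero mode the function sets IFF_PROMISC and returns the SOCK_PACKET descriptor, with mode 0 it clears the flag, closes the descriptor and returns 0, and in every failure path it calls exit(1) rather than returning an error. The function's header comment begins above this hunk (only ` * mode.` and ` */` are visible), so the lines to extend are outside the hunk; I would add after ` * mode.` something like ` * mode!=0: set IFF_PROMISC on device and return the open SOCK_PACKET fd.` and ` * mode==0: clear IFF_PROMISC, close the fd and return 0.  Any failure exit(1)s.`. The same description belongs on the prototype surplus.c now declares.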
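Review bot: `if(!mode)ifr.ifr_flags^=IFF_PROMISC;` toggles the flag rather than clearing it, so when the interface is not promiscuous at the time of the call (cleanexit reached before any tap(DEVICE,1), or the flag already dropped by another process) the "unset" path turns promiscuous mode on and leaves it on after Juggernaut exits, which is the opposite of what this release advertises. The clear should be a mask, `if(!mode)ifr.ifr_flags&=~IFF_PROMISC; /* Unset promiscuous mode */`, which is idempotent regardless of the current state. This presumes ifr_flags was filled in by a SIOCGIFFLAGS between the two hunks, which is not visible here. Note also that the mode-0 path still exit(1)s on ioctl failure, so callers that use it for cleanup cannot recover.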
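Review bot: The rewritten spy filter tests `iphp->saddr==target->daddr && iphp->saddr==target->daddr`, the second term being a copy of the first, so the circuit is still matched on only two tuple fields (server address and client port) and traffic from the same server host to any other client with the same local port will be logged; the 1.0 source-port check was dropped as well. The intended line is presumably `if(iphp->saddr==target->daddr && iphp->daddr==target->saddr && tcphp->source==target->dport && tcphp->dest==target->sport)`, which pins the full four-tuple. Separately, the recv() result is only tested for non-zero, so a -1 error return or a frame shorter than sizeof(epack.ip)+sizeof(epack.tcp) still reaches the header fields and the `htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epack.tcp)` length, which can then go negative before it is handed to dumpp; comparing the return against the header size (and using ntohs for tot_len) would close that. The enclosing spy function starts before this hunk.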
@@ -337,8 +344,8 @@
unsigned short tlen;
}*ppheader;
- - static int moot=0;
- - int tlinksock=tap(DEVICE);
+ int moot=0;
+ int tlinksock=tap(DEVICE,1);
ALIGNNETPOINTERS();
@@ -441,7 +448,7 @@
extern int ripsock;
extern int acrstpid;
char *tempBuf=0;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
switch((acrstpid=fork())){ /* Drop a child to backround, return the parent to continue */
@@ -560,7 +567,7 @@
extern int netreadtimeout;
static int len;
char *tempBuf;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
ALIGNNETPOINTERS();
@@ -665,7 +672,7 @@
extern int netreadtimeout;
extern int sigsentry;
static int len;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
ALIGNNETPOINTERS();
@@ -789,7 +796,7 @@
int grabflag=0; /* Time to grab some packets */
unsigned long targetsourceip=0;
unsigned short targetsourceport=0;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
if(!(fp=fopen(SNIFLOG,"a+"))){ /* Log to file */
if(verbosity){
- --- surplus.c.old Tue Apr 15 10:08:05 1997
+++ NumberOneCrush/surplus.c Tue Apr 15 10:04:59 1997
@@ -29,6 +29,7 @@
#define HELPFILE "./ClothLikeGauze/.help"
#define FBUFSIZE 80
#define MINIBUF 10
+#define DEVICE "eth0"
extern int verbosity;
@@ -346,6 +347,7 @@
void cleanexit(){
void powerdown();
+ int tap(char *,int);
extern int ripsock;
extern int hpid;
@@ -353,6 +355,7 @@
close(ripsock);
powerdown();
+ tap(DEVICE,0); /* Unset promisc mode on the interface */
if(kill(hpid,SIGUSR1))if(verbosity){ /* Send signal to the hunter */
perror("(cleanexit) Could not signal hunter");
fprintf(stderr,"[cr]");
<--> juggernaut1.0-1.1.patch EOF
- --
[human acquiescence is as easily obtained by terror as by temptation]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM1O/1AtXkSokWGapAQEuSQQAj4pAwtVMCfqtMBoqJXGGVbpbyKRp+F6E
Fv7tEw167kfD/8/lDiEzXXfO97BTPieVDqyrq50DGo5Rd2CJL1ntUUv6Y6qRDg7e
cqaHNFyhmoVnpElqFhUng1gGJjttEUXKQGJdWnGNrtkMJlfB/Ydl8ligWCto8uIJ
Kig1GrzurIU=
=zk/f
-----END PGP SIGNATURE-----
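Review bot: `#define DEVICE "eth0"` is now a second, independent copy of the definition the main.c hunk shows at the top of this patch, so the interface that cleanexit un-promiscs is only the one the spy/hunt code promisc'd as long as the two literals are edited in step. A single definition in a shared header (or a `char device[]` set once in main.c and declared `extern` here) would remove that coupling; a one-line `/* must match DEVICE in main.c */` is the minimum if the duplicate stays.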
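Review bot: `tap(DEVICE,0);` is placed before `kill(hpid,SIGUSR1)`, and the net.c hunks show that tap() calls exit(1) whenever the socket or SIOCSIFFLAGS ioctl fails, so a failed attempt to clear promiscuous mode during cleanup terminates the parent before the hunter child is signalled and leaves that child running. Moving the call after the kill, `if(kill(hpid,SIGUSR1))...; tap(DEVICE,0);`, or giving the mode-0 path a non-fatal return, keeps the child from being orphaned. The call also clears IFF_PROMISC unconditionally, with no record of the flag's state before Juggernaut started, so an interface another sniffer had already put into promiscuous mode will be silently taken out of it; saving the flags from the first tap(DEVICE,1) and restoring them here would be the conservative behaviour. cleanexit() continues past the end of this hunk.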