Bugtraq mailing list archives

more detail and summary of kod.c (igmp bug for windows)


From: klepto () LEVITATE NET (klepto)
Date: Thu, 15 Jul 1999 00:32:08 -0500


Ok,
here we go again..
For those who are having trouble with kod, a lot of you are using a very old version which was the first I submitted.
Inserted is the latest version which should work. I wrote kod.c aka cherrycoke.c about 3-4 months ago.
It sends a fragmented IGMP packet to a Windows client that states that it is not fragmented but there are more frags to
come. Windows assembles the packets and dies trying. Here is a dump of the packet if you want to rewrite it.

/* output via tcpdump or windump95
63.66.66.44 > 24.128.158.18: igmp-2 [v0][|igmp] (frag 52242:63.66.66.44 > 24.128.158.18: igmp-2 [v0][|igmp] (frag 52242:1480@0+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@1480+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@2960+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@4440+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@5920+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@7400+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@8880+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@10360+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@11840+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@13320+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:1480@14800+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:63.66.66.44 > 24.128.158.18: (frag 52242:120@16280) (ttl 128)
*/

::notice the last frag changed length..

I have also ported kod to Windows; please email me if you want a copy of it.

As far as I can tell, due to my exhaustive research on the subject, it works on 95/98/98se/2k (some betas).

Friends of mine such as defile/nyt/ignitor/etc have rewritten kod to suit their needs..

I have tested kod.c out a lot on many machines and it works 85% of the time for me.
There are circumstances as to why kod doesn't always work: some routers may drop IGMP packets if
the source isn't local, so try spoofing =). As far as I can see netcom and a lot of .ca servers drop the kod packets.
So please don't bark at me =) I just found the bug, wrote the code, and what you do with it is your concern =).

Patch:
(no hotfix currently)
If you want to protect yourself from kod.c I suggest you get winroute from www.winroute.com
get version 4.. It automatically drops igmp packets incoming and outgoing ha =)
It is also a very good portmapper/NAT firewall/ip masqer as well..

Shoutouts: amputee/ignitor/nizda/antibyte/codelogic/ill`/chord/cheesebal/traveler/winx/naz/dist/mrcide/etc...
(gotta give shoutouts)

hasta,

klepto@Efnet
or klepto () levitate net
de omnibus dubitandum
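As an added, defender-side example that is not part of the original post or of kod.c: a small Python parser that reads tcpdump/windump fragment records like the dump above, regroups them per (src, dst, IP id), and flags IGMP fragment trains, since an IGMP message has no legitimate reason to need reassembly at all and the 16 KB total in the post is the tell-tale pattern. The sample dump is constructed from the offsets shown in the post, and the `IGMP_MAX_SANE` threshold is an assumption.

```python
import re
from collections import defaultdict

# tcpdump/windump fragment record: "(frag ID:LEN@OFF+)"; the trailing "+"
# is the More Fragments (MF) flag and is absent on the last piece.
FRAG_RE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): (?P<info>.*?)"
    r"\(frag (?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)(?P<mf>\+?)\)"
)

# Constructed sample mirroring the post's train: eleven 1480-byte pieces with
# MF set (offsets 0..14800), then a short 120-byte final piece at 16280.
HOST = "63.66.66.44 > 24.128.158.18"
SAMPLE_DUMP = "\n".join(
    [f"{HOST}: igmp-2 [v0][|igmp] (frag 52242:1480@0+) (ttl 128)"]
    + [f"{HOST}: (frag 52242:1480@{off}+) (ttl 128)" for off in range(1480, 16280, 1480)]
    + [f"{HOST}: (frag 52242:120@16280) (ttl 128)"]
)

IGMP_MAX_SANE = 576  # assumed threshold; real IGMP reports are a few bytes


def parse_frag_trains(dump):
    """Group fragment records by (src, dst, IP id). Only the offset-0 piece
    carries the L4 header, so the protocol name is taken from that line."""
    trains = defaultdict(lambda: {"proto": None, "frags": []})
    for line in dump.splitlines():
        m = FRAG_RE.match(line)
        if not m:
            continue
        key = (m["src"], m["dst"], int(m["id"]))
        off, length, mf = int(m["off"]), int(m["len"]), m["mf"] == "+"
        if off == 0:
            trains[key]["proto"] = m["info"].split("-")[0].strip() or None
        trains[key]["frags"].append((off, length, mf))
    return trains


def assess_train(train):
    """Reassembled size plus flags: 'incomplete' if the highest piece still has
    MF set (reassembly never finishes), 'gap' if pieces are not contiguous,
    'suspicious' for IGMP that is fragmented at all or exceeds the threshold."""
    frags = sorted(train["frags"])
    total = max(off + ln for off, ln, _ in frags)
    incomplete = frags[-1][2]
    gap = any(frags[i][0] + frags[i][1] != frags[i + 1][0] for i in range(len(frags) - 1))
    suspicious = train["proto"] == "igmp" and (len(frags) > 1 or total > IGMP_MAX_SANE)
    return {"fragments": len(frags), "total": total, "incomplete": incomplete,
            "gap": gap, "suspicious": suspicious}
```

Feed it the output of `tcpdump -n` (or windump) on a border interface; any train reported as suspicious is IGMP that needed reassembly, which a filter like the one mentioned in the post would simply drop.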

