From owner-freebsd-current  Sat Oct 24 01:45:05 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA26157
          for freebsd-current-outgoing; Sat, 24 Oct 1998 01:45:05 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA26151
          for <current@freebsd.org>; Sat, 24 Oct 1998 01:45:02 -0700 (PDT)
          (envelope-from kkennawa@physics.adelaide.edu.au)
Received: from photon (photon [129.127.36.4])
	by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id SAA20189;
	Sat, 24 Oct 1998 18:14:28 +0930 (CST)
Received: from localhost by photon; (5.65/1.1.8.2/04Aug95-0645PM)
	id AA00793; Sat, 24 Oct 1998 18:14:25 +0930
Date: Sat, 24 Oct 1998 18:14:23 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To: Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: current@FreeBSD.ORG
Subject: Re: nestea v2 against freebsd 3.0-Release (fwd)
In-Reply-To: <199810240715.AAA23010@salsa.gv.tsc.tdk.com>
Message-Id: <Pine.OSF.4.05.9810241807550.791-100000@photon.physics.adelaide.edu.au>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 24 Oct 1998, Don Lewis wrote:

> On Oct 24, 12:07pm, Kris Kennaway wrote:
> } Subject: nestea v2 against freebsd 3.0-Release (fwd)
> } I tested this against myself this morning and it panicked the machine - I had
> } to run as root to hit the 127.0.0.1 target, but perhaps someone could confirm
> } whether it works against remote machines?
> 
> Huh?  The copy of nestea2 that I've got (from a bugtraq message) won't even
> run under 3.0.  The last sendto() fails with errno == EINVAL.  If I bypass
> the sanity check in rip_output() that looks for the bogus length in the IP
> header, then the program runs but I don't see any crashes.  All that happens
> is that the equivalent sanity check in ip_input() detects the problem and
> increments ipstat.ips_tooshort.  I can see this in netstat -s

rootshell.com has a .tgz containing a linux compiled binary - that's the one I
ran [1]. Perhaps it was the linuxulator which crashed me, instead of what the
program itself did.

Kris

[1] This might not have been so bright :-)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message