From owner-freebsd-security Thu Aug 24 13: 4:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id C8C4837B422 for ; Thu, 24 Aug 2000 13:04:22 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 24 Aug 2000 13:03:15 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id NAA59257; Thu, 24 Aug 2000 13:04:21 -0700 (PDT) (envelope-from cjc) Date: Thu, 24 Aug 2000 13:04:21 -0700 From: "Crist J . Clark" To: "David G. Andersen" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blackhat Firewall-1 Codes Message-ID: <20000824130421.A59226@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <20000822233432.K28027@149.211.6.64.reflexcom.com> <200008230639.AAA04483@faith.cs.utah.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200008230639.AAA04483@faith.cs.utah.edu>; from dga@pobox.com on Wed, Aug 23, 2000 at 12:39:52AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Aug 23, 2000 at 12:39:52AM -0600, David G. Andersen wrote: > Without looking at all at the code, but speaking from having ported > numerous of these things to FreeBSD, I'll hazard a few guesses: > > - differing levels of "rawness" between BSD and Linux; > BSD raw sockets perform an htons() on the ip_len, ip_off, > and ip_tos fields. > > - set sin_len in your struct sockaddr_in; not all systems > have this field. > > - set IP_HDRINCLUDE and other friends when opening the raw socket, > if they're not already. > > Happy porting. Hmmm.. Is this just FreeBSD as opposed to a *BSD thing? The authors claim the codes were "developed and tested on OpenBSD and Linux." > Lo and behold, Crist J . Clark once said: > > > > > > I have been trying to get the 'fw1tun' codes to run under FreeBSD. I > > have been getting, > > > > $ ./icmp [args] > > sendto: Invalid argument > > > > Oh, just for the record, I am trying to see if some firewalls we have > > (ones not on the Internet, so no games from any kids out there) can be > > exploited. > > -- > > Crist J. Clark cjclark@alum.mit.com > > > -- > work: dga@lcs.mit.edu me: dga@pobox.com > MIT Laboratory for Computer Science http://www.angio.net/ -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message