From owner-freebsd-hackers Thu Jun 11 10:41:44 1998
Message-ID: <3580168C.ED1F4831@pipeline.ch>
Date: Thu, 11 Jun 1998 19:40:28 +0200
From: "IBS / Andre Oppermann"
Organization: Internet Business Solutions Ltd. (AG)
To: hackers@FreeBSD.ORG
Subject: [Fwd: Secure Ping 1.0]
Sender: owner-freebsd-hackers@FreeBSD.ORG

This looks promising ;-)

--
Andre Oppermann CEO / Geschaeftsfuehrer
Internet Business Solutions Ltd. (AG)
Hardstrasse 235, 8005 Zurich, Switzerland
Fon +41 1 277 75 75 / Fax +41 1 277 75 77
http://www.pipeline.ch ibs@pipeline.ch

Approved-By: aleph1@DFW.NET
Date: Thu, 11 Jun 1998 03:36:53 -0400
Reply-To: Bug Lord
Sender: Bugtraq List
From: Bug Lord
Subject: Secure Ping 1.0
To: BUGTRAQ@NETSPACE.ORG

This is a rather quick and dirty ping mod I whipped up, mostly stuff that is done by intelligent admins (or else they remove ping access entirely), but I have never seen a ready-made package for such mods so here goes.
Besides there are far too many people with too much bandwidth who do not fall under the previous admin category (the most obvious example of this being almost anyone running redhat linux on a university dorm connection). =)

This is done as a complete program rather than a patch in the hopes of making it as simple as possible for those less cluefully endowed. And if you're in it for new features, I don't think anyone has ever done the logging of sigalrm bombs. =)

From the README:

Program
-------
SecurePing 1.0 by Bug Lord. Based off of netkit-base-0.10 w/ping 0.12.

Apologies to Solar Designer for ripping the name but I thought of it before I remembered Secure-Linux and I'm too tired to rename it. =)

Purpose
-------
Ping was designed with the best of intentions, allowing users and admins alike to test their networks. Unfortunately, too often it is associated with Denial of Service attacks, and is often disabled (at least for non-root users). With the standard ping distributed on most systems today, a non-root user can easily cause DoS attacks even without the -f flood option. What admin hasn't logged on one day to see twenty "ping -s 65000" processes happily sucking up your network resources? It seems anywhere there is ping and a non-trusted user, chaos ensues. Not to mention having to explain why your box was responsible when the person being hit calls you or your uplink. What a headache, no wonder people disable ping.

The goal of this program is to permit benign activity from well-meaning users while preventing malicious users from flooding others, and logging such attempts.

Features
--------
- Admin-definable packet size limits for root and non-root users.
- Log attempted unauthorized flood/preload and over-size-limit attempts.
- Logs and prevents SIGALRM-bomb floods.
- REAL simple + easy Libc/Glibc support

Possible Future Additions
-------------------------
- Limits on the number of times one user can run ping simultaneously.
- Size limits for more than "root" and "not-root". Groups, etc.
- Dynamic configuration, perhaps /etc/ping.conf or some such.
- Log total bytes sent/received during a ping session.

Platforms
---------
Linux... As much as I would like to develop programs for other environments, the unfortunate fact is that I don't have access to any non-linux systems. If you can provide a (legit) account on another environment (FreeBSD most especially needed), please contact me.

How to use
----------
Just edit config.h, everything is clearly explained there. Then configure, make, and make install as root. If you can't figure this part out then maybe this program is not for you. =)

Thanks to
---------
Kerry and Kyle for the motivation (good job guys), habit for the spell checking, Ted & Ramsey for my phone bills, and anyone else that I forgot.

Contact
-------
IRC: Bug_Lord (EFnet)
EMAIL: buglord@sy.net

Latest Version
--------------
The latest version of SecurePing can be found at http://www.sy.net/security

Shameless Plug
--------------
Visit http://shell.sy.net for the most affordable, reliable, stable, and secure shells available to mere mortals.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
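
Added example (not part of the original message and not SecurePing source): a C sketch of the two controls the README's Features list names, a per-user option and size check with logging, and a send-rate guard that makes early SIGALRM deliveries harmless. The macro names, limits, function names, and the rule that only root may use flood or preload are assumptions made for illustration.

```c
#include <sys/types.h>
#include <syslog.h>
#include <time.h>

/* Hypothetical config.h-style settings; SecurePing's real names may differ. */
#define MAX_DATALEN_ROOT 65507  /* IPv4 ceiling: 65535 - 20 (IP) - 8 (ICMP) */
#define MAX_DATALEN_USER 1024   /* constructed limit for non-root users */
#define MIN_INTERVAL_NS  1000000000LL  /* one packet per second */

enum verdict { PING_OK = 0, DENY_SIZE, DENY_FLOOD, DENY_PRELOAD };

/* Check requested options against policy. Pass the REAL uid (getuid()):
 * ping is normally setuid root, so the effective uid is always 0. */
enum verdict check_request(uid_t uid, int datalen, int flood, int preload)
{
    int limit = (uid == 0) ? MAX_DATALEN_ROOT : MAX_DATALEN_USER;
    enum verdict v = PING_OK;

    if (datalen < 0 || datalen > limit)
        v = DENY_SIZE;
    else if (uid != 0 && flood)
        v = DENY_FLOOD;
    else if (uid != 0 && preload > 0)
        v = DENY_PRELOAD;

    if (v != PING_OK)  /* leave an audit trail for the admin */
        syslog(LOG_AUTH | LOG_WARNING,
               "ping denied: uid=%lu size=%d flood=%d preload=%d reason=%d",
               (unsigned long)uid, datalen, flood, preload, (int)v);
    return v;
}

/* Gate every transmit on a clock reading rather than on signal arrival.
 * Returns 1 and updates *last_sent if a packet may go out now, else 0.
 * Call from the main loop after the handler sets a flag; syslog() is not
 * async-signal-safe and must not run inside the handler itself. */
int alarm_may_send(struct timespec *last_sent, const struct timespec *now)
{
    long long elapsed_ns =
        (long long)(now->tv_sec - last_sent->tv_sec) * 1000000000LL
        + (now->tv_nsec - last_sent->tv_nsec);

    if (elapsed_ns < MIN_INTERVAL_NS) {
        syslog(LOG_AUTH | LOG_WARNING, "ping: early SIGALRM ignored");
        return 0;
    }
    *last_sent = *now;
    return 1;
}
```

In a real ping the `now` value would come from clock_gettime(CLOCK_MONOTONIC, ...), so changing the system time cannot shorten the interval.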