Date: Sat, 28 Nov 1998 15:25:46 +0100
From: Domas Mituzas <midom@PUB.OSF.LT>
To: BUGTRAQ@NETSPACE.ORG
Subject: ipfwadm has pseudo-DoS ;)
ipfwadm delivered with all major Linux distributions doesn't know some new
kernel features (included into latest releases). One of them is ICMP
Masquerading. ipfwadm couldn't handle ICMP lines in
/proc/net/ip_masquerade therefore it brought "unexpected input data"
error not showing other records (that is TCP and UDP). Therefore if
someone want's that his connections were not seen by `ipfwadm -Ml` can
just ping one host and at the same time do what he wants. Of course the
operator can look into /proc/net directory, but it's difficult to read ip
addresses written in hex numbers... I've written a small fix to solve
this problem - I've just added ICMP Masquerading support to ipfwadm. Here
it is (you can get ipfwadm distribution from ftp.xos.nl/pub/linux/ipfwadm):
--- ipfwadm.c.orig Tue Jul 30 14:54:22 1996
+++ ipfwadm.c Sat Nov 28 16:20:53 1998
@@ -1134,6 +1134,9 @@
else if (kind == IP_FW_F_UDP &&
(service = getservbyport(htons(port), "udp")) != NULL)
return service->s_name;
+ else if (kind == IP_FW_F_ICMP &&
+ (service = getservbyport(htons(port), "icmp")) != NULL)
+ return service->s_name;
else
return (char *) NULL;
}
@@ -1571,6 +1574,9 @@
case IP_FW_F_UDP:
fprintf(fp, "%-5s", "udp");
break;
+ case IP_FW_F_ICMP:
+ fprintf(fp, "%-5s", "icmp");
+ break;
}
sec100s = ms->expires % HZ;
@@ -1668,9 +1674,10 @@
ms->kind = IP_FW_F_TCP;
else if (strcmp("UDP", buf) == 0)
ms->kind = IP_FW_F_UDP;
+ else if (strcmp("ICMP", buf) == 0)
+ ms->kind = IP_FW_F_ICMP;
else
exit_error(1, "unexpected input data");
-
/* we always keep these addresses in network byte order */
ms->src.s_addr = (__u32) htonl(temp[0]);
ms->dst.s_addr = (__u32) htonl(temp[1]);
--
Domas Mituzas
School of New Communications. Linux department.
Now I'm pregnant... X-Ray proves - it's a penguin again!
