fake-1.1.11/0000700001567400156740000000000011225056117011555 5ustar hormshormsfake-1.1.11/debian/0000700001567400156740000000000011225056107012776 5ustar hormshormsfake-1.1.11/debian/changelog0000600001567400156740000000262211225056107014654 0ustar hormshormsfake (1.1.11-1) unstable; urgency=low * New upstream - Include Raphael Geissert's non-maintainer upload changes. - Don't die if FOREIGN_INTERFACE isn't set as it isn't mandatory. -- Simon Horman Wed, 08 Jul 2009 18:27:15 +1000 fake (1.1.10-1.1) unstable; urgency=low * Non-maintainer upload. * Fix bashism. (Closes: #530079) * debian/rules: + Don't ignore errors by make; + Use $(CURDIR) instead of pwd. * debian/compat: bump to level five. * debian/control: + Bump versioned dependency on debhelper. + Add dependency on misc:Depends -- Raphael Geissert Thu, 02 Jul 2009 21:37:08 -0500 fake (1.1.10-1) unstable; urgency=low * New Upstream * Removed unused LOG_DIR directive. Thomas Hood. (closes: Bug#253292) * Fixed typos in fake(8) man page. Thomas Hood. 
(closes: Bug#253294) -- Simon Horman Fri, 11 Jun 2004 18:14:03 +0900 fake (1.1.9-1) unstable; urgency=low * New Upstream (closes: Bug#253129) -- Simon Horman Tue, 8 Jun 2004 16:46:28 +0900 fake (1.1.8-1) unstable; urgency=low * Updated for 1.1.8 (closes: Bug#165318) -- Simon Horman Mon, 21 Oct 2002 12:35:19 +0900 fake (1.1.7) unstable; urgency=low * A release -- Simon Horman Mon, 7 Jan 2002 04:39:42 +1100 Local variables: mode: debian-changelog End: eoch fake-1.1.11/debian/compat0000600001567400156740000000000211225055712014177 0ustar hormshorms5 fake-1.1.11/debian/control0000600001567400156740000000071311225055712014405 0ustar hormshormsSource: fake Build-Depends: debhelper (>=5), patch Section: admin Priority: optional Maintainer: Simon Horman Standards-Version: 3.6.1 Package: fake Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: IP address takeover tool Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. 
fake-1.1.11/debian/copyright0000600001567400156740000000036211225055712014735 0ustar hormshormsFake Script to spoof an ip Designed to create redundant servers Copyright (C) 1998 Horms Distributed under the terms of the GNU GPL Version 2 or later found on Debian systems in the file /usr/share/common-licenses/GPL fake-1.1.11/debian/fake.dirs0000600001567400156740000000005311225055712014570 0ustar hormshormsetc/fake etc/fake/instance_config var/run fake-1.1.11/debian/fake.files0000600001567400156740000000060211225055712014731 0ustar hormshormsusr/share/doc/fake/README usr/share/doc/fake/AUTHORS usr/share/doc/fake/changelog.gz usr/share/doc/fake/arp_fun.txt.gz usr/share/doc/fake/redundant_linux.txt.gz usr/share/doc/fake/203.12.97.7.cfg usr/share/doc/fake/192.168.89.19.cfg usr/sbin/send_arp usr/sbin/fake etc/fake/.fakerc etc/fake/clear_routers usr/lib/heartbeat/fake /usr/share/man/man8/fake.8 /usr/share/man/man8/send_arp.8 fake-1.1.11/debian/rules0000700001567400156740000000323711225055712014064 0ustar hormshorms#!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. build: build-stamp build-stamp: dh_testdir $(MAKE) patch all touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp [ ! 
-f Makefile ] || $(MAKE) clean dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs $(MAKE) \ ROOT_DIR=$(CURDIR)/debian/tmp \ MAN8_DIR=$(CURDIR)/debian/tmp/usr/share/man/man8/ \ install mkdir -p $(CURDIR)/debian/tmp/usr/share/doc/fake install -c -m 644 instance_config/192.168.89.19.cfg \ $(CURDIR)/debian/tmp/usr/share/doc/fake/ install -c -m 644 instance_config/203.12.97.7.cfg \ $(CURDIR)/debian/tmp/usr/share/doc/fake/ install -c -m 644 README $(CURDIR)/debian/tmp/usr/share/doc/fake/ install -c -m 644 AUTHORS $(CURDIR)/debian/tmp/usr/share/doc/fake/ install -c -m 644 ChangeLog \ $(CURDIR)/debian/tmp/usr/share/doc/fake/changelog gzip --best $(CURDIR)/debian/tmp/usr/share/doc/fake/changelog install -c -m 644 docs/redundant_linux.txt \ $(CURDIR)/debian/tmp/usr/share/doc/fake/ gzip --best \ $(CURDIR)/debian/tmp/usr/share/doc/fake/redundant_linux.txt install -c -m 644 docs/arp_fun.txt \ $(CURDIR)/debian/tmp/usr/share/doc/fake/ gzip --best $(CURDIR)/debian/tmp/usr/share/doc/fake/arp_fun.txt dh_movefiles --source=debian/tmp binary-indep: build install binary-arch: build install dh_testdir dh_testroot dh_installdocs dh_installchangelogs dh_link dh_strip dh_compress dh_fixperms dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install fake-1.1.11/docs/0000700001567400156740000000000011225055712012505 5ustar hormshormsfake-1.1.11/docs/redundant_linux.txt0000600001567400156740000004404311225055712016460 0ustar hormshormsCreating Redundant Linux Servers - TEXT VERSION Horms (Simon Horman) horms@zip.com.au (c) 1998 To be presented at The 4th Annual Linux Expo The Bryan University Center Duke University Durham North Carolina USA Thursday 28th - Saturday 30th May 1998 http://linuxexpo.zip.com.au/ I would like to acknowledge the assistance of my employer Zip Internet Pro- fessionals http://www.zip.com.au./ for their assistance and patience that 
enabled this presentation to come together. Additionally I would like to thank Mr.O'Brien, Gus, Miss Kim, K and Raster for their help along the way. ABSTRACT: For an organisation of any size fault tolerance is an important issue. A server going down should not leave users twiddling their thumbs. A simple solution to this is to create backup servers that can be switched in when a server goes down. Using Linux this can be easily achieved using either existing servers or dedicated backup servers. Many services have good redundancy built in. Examples of this include mail servers and name servers. However services such as POP and manual proxies which require end users to specify a host to connect to are not afforded such fault tolerance. It is for services such as these that providing backup servers becomes crucial. The idea is to create a backup server that when called upon assumes the identity of the failed server in addition to any existing identities. The backup server is given an IP alias for the failed host and uses ARP spoofing to convince the rest of the network that the backup server is in fact the failed server. This method of creating backup servers can be supplemented by using a TCP/IP Switch that allows content based services such as POP3 to be sourced from servers that may have other inaccessible services on them. Additionally housing the content for services such as HTTP on a dedicated NFS server enables a backup HTTP server to serve a site as well as the primary server. These are clearly quick and dirty solutions to creating backup servers. They have however proved to be quite successful in practice and require little or no outlay for additional hardware. 
CONTENTS Introduction ARP Spoofing Background Activation Deactivation Automation Improvements TCP/IP Switch HTTP Accelerator POP3 Switch A Generic Switch NFS Backbone Choosing a Backup Box Testing Discussion Glossary INTRODUCTION Working for an ISP with Linux servers it became apparent that the built in redundancy in many key services was either inadequate or non-existent. Of particular concern was redundancy in proxy servers. As bandwidth in Australia is relatively expensive, mandatory proxies for HTTP are imposed by many ISPs. Manual proxies and the issuing of automatic proxy configuration files are particularly lacking in redundancy. To make this redundant a method of backing up HTTP and proxy servers was investigated. What was required was a generic method for a backup server to take over the role of a lame server. The idea initially proposed was to update DNS records as required. This would change the IP address of the lame server to that of the backup server. This was found to be unsatisfactory on the following counts: the time to live on the zone files would need to be turned down severely to account for any users using DNS servers other than the master or secondary that can easily be reset for the zone in which the servers lie; users may access servers using an IP address rather than a host name; users may use non-DNS methods such as an /etc/hosts file to map server host names to IP addresses. After some investigation it was found that a solution where the backup server would assume the IP address of the lame server would be ideal. This eliminated the difficulties related to the DNS based solution. The only remaining difficulty was to convince other boxen on the LAN of the change in circumstance and this is where ARP Spoofing came into the game [YV]. ARP spoofing is a method often employed by hackers to assume the identity of a host on a LAN. For this application ARP spoofing allows the backup server to take over the IP address of the lame server. 
ARP SPOOFING Background To implement a redundant server in Linux using ARP spoofing is a relatively simple task. The existing server is given a second interface such that the server can still be accessed when the backup server is in operation. This is best achieved using a second physical interface as this gives better hardware redundancy [HM]. However in most situations using IP aliasing is quite satisfactory. [Figure 1 Original and Backup Server Interfaces] (Omitted) Activation When the backup server is brought into operation it sets up an interface with the IP address of the server it is to back up. Again this can be an additional physical interface or an IP alias. The backup server then uses ARP spoofing for the duration of its operation to ensure that it receives all packets directed to the server it is backing up. The spoofed ARP packets that are sent announce the hardware address of the backup server that has an interface for the now lame server's IP address. These ARP packets are addressed to the broadcast hardware address. This is known as a Gratuitous ARP as a machine makes an ARP request for its own IP address. ARP is central to the functioning of a LAN as it enables the hardware address of a machine to be found given its IP address. Once the hardware address of a machine is known, packets can be sent to it over the LAN. Machines keep a cache of hardware to IP address mappings so that a fresh ARP request doesn't need to be sent out for each IP packet. The hardware address in the most recent ARP reply for a given IP address will be used. Hence by using Gratuitous ARP it is possible to force this cache to be updated, redirecting IP packets to a different hardware address and hence in this case a different machine. It is important that the ARP packets are sent frequently enough that the ARP cache of other boxen on the LAN does not expire. If the ARP cache did expire then an ARP request for the hardware address of the lame server would be issued. 
If the lame server is in a state where it is able to answer ARP requests then a race condition would be created between the lame server and the backup server, as shown in Figure 2. [Figure 2 Race Condition for ARP replies] (Omitted) Deactivation Once the existing server is ready to be used again it is simply a matter of removing the additional interface on the backup server and stopping ARP spoofing. Finally additional spoofed ARP packets are sent out pointing the existing server's IP address back to the original hardware address. Automation The process of turning on and off the backup server is easily automated such that if the existing server fails the backup server is activated. Such automation takes two stages. Firstly the status of the service is gauged by attempting to access key services it provides. Secondly in a failure situation scripts to enable the second interface on the backup server and kick off ARP Spoofing are activated. Similarly by accessing the lame server via the second interface it can be ascertained when the backup server can be deactivated by running scripts that deactivate the second interface on the backup server and stop ARP Spoofing. TCP/IP SWITCH Improvements The ARP based solution is particularly well suited to services which act as a relay. Proxies and SMTP relays fall into this category and the users should not be able to tell when the backup server is in operation. With this in mind other complementary methods of creating redundant servers have been investigated. The use of some sort of TCP/IP switch on servers backup or otherwise would allow a more powerful backup scheme to be developed as content could still be sourced from servers where it is still available. HTTP Accelerator The popular Squid proxy daemon comes with a facility that allows a single server to act as a front end to web servers [OP]. 
This works by having clients connect to the Squid server as if it were an HTTP server and then farming requests onto the real web server or servers. This can be used to share load around multiple servers on high volume sites as illustrated in Figure 3 or to protect HTTP servers that contain sensitive data by placing them behind a firewall such that the Squid server can access the HTTP server but other hosts on the Internet can not. Though primarily intended to allow load sharing on high volume sites this can also be used to provide some form of redundancy. The HTTP accelerator server can be a front end for multiple back end http servers hence the loss of a HTTP server should not result in a site being down. And of course as the http accelerator itself has no content it can be backed up using the ARP based method of creating redundant servers. On small sites this extra layer between users and the web server may just be another potential point of failure; however the switching idea presented is an interesting one. [Figure 3 HTTP Accelerator] (Omitted) POP3 Switch It is quite common for the SMTP and POP3 servers to be the same box so mail is delivered and collected from a spool directory controlled by a single localised system. In a situation where the SMTP daemon is incapacitated it is desirable to switch to the backup server so users can still send mail. Even if the POP3 daemon was still operable, switching to a backup server, which invariably does not have access to the mail spool, means that POP3 also becomes unavailable. However a POP3 Switch can overcome this. A POP3 Switch is simply a data pipe that accepts a list of foreign host-port pairs and tries them in turn until a connection can be made as shown in Figure 4. So in our situation the POP3 Switch may first try to contact the POP3 port of the lame host and then go to a dummy POP3 server listening on a port on the local host. 
[Figure 4 POP3 Switch] (Omitted) A Generic Switch Of course the POP3 switch described is just a TCP/IP data pipe and hence is extensible to just about any protocol that uses TCP/IP. The only penalty is that the further down the list of possible host-port pairs the switch has to go before making a connection the longer the connection time becomes. However some sort of caching mechanism by which a bad host-port pair is not tried again for a time could improve this. Hence we are able to swap in backup servers using ARP spoofing and have them point to content where it is still available using TCP/IP data pipes. NFS BACKBONE So far a method for switching backup servers in to assume the IP address of a lame server has been found and a way to source services from otherwise lame servers has been explored. However if we are trying to back up a service that provides a large amount of relatively dynamic data and the service goes down we still do not have an adequate solution. An example of such a service is a HTTP server. It is not necessarily practical to keep multiple copies of a web site on different hosts due to the dynamic nature of most sites and the cost in terms of disk space. A solution that enables a backup server to access the content of a service such as HTTP when the main server goes down is to have the content situated on a third server and mounted via NFS. If the NFS server is set up such that it does nothing but serve NFS it should be quite stable and a low risk single point of failure. Additionally, by placing the NFS server on a physically separate network or on a different segment of the LAN and giving servers that use it a second network card there is no issue relating to extra data on the network. Therefore the content for the service can be accessed regardless of whether the main server or the backup server is in operation. In the case of an HTTP server for which this solution is particularly well suited, this means the web site should remain accessible. 
CHOOSING A BACKUP BOX Although none of the solutions discussed requires a dedicated backup server it is advisable to have one. If a server that has other tasks to perform is run as a backup server then the additional load placed on the server when it is running the services of another box may cause an unacceptable slow down or raise reliability issues. For this reason it is advisable to have a backup server on which very little is running. TESTING As with any system it is important to test that the backup server functions as expected. Your testing regime should include a full production test including having any automated aspects run their due course. Although this will result in some disruption of service to users it is better for a brief outage to occur under controlled circumstances than for some unexpected behavior to surface in a crisis situation. It is also a good plan to have a regular testing procedure in place. The nature of the backup server is that it hardly ever gets used and is likely to be used for other purposes from time to time. As such it is very easy for one configuration or another to get altered and go unnoticed. By conducting regular, possibly automated tests you can ensure that the backup server is always in good shape. DISCUSSION The ARP based solution is particularly well suited to services which act as a relay. Proxies and SMTP relays fall into this category and the users should not be able to tell when the backup server is in operation. When the service that is to be backed up is a source of data this method of creating redundant servers though not well suited can still be successfully applied. A backup POP3 or IMAP server could be configured such that an email explaining the current situation is delivered. Key parts of a web site can be duplicated and warning pages issued in lieu of unavailable pages. When the ARP based solution is coupled with a TCP/IP switch then services that provide content can also be made more redundant. 
Finally by housing content on a NFS server backup servers can have access to content and serve it accordingly. The redundant servers created can be used in a variety of situations. First and foremost their activation can be automated such that the backup servers are called into service in emergency situations. Automation is particularly attractive here as such situations typically occur around 2 am. Additionally the redundancy can be used to prevent disruption to users when system maintenance and hardware upgrades are being undertaken. We can see that using simple utilities coupled with the power of Linux redundant servers are easy to realise even for small organisations. This redundancy can be used to provide a more constant and stable level of service to users. This increases their satisfaction while reducing your support burden. While it is obvious that the solutions presented are targeted towards low end applications there is no reason why these concepts could not be scaled up. What is important to realise is that the power of Linux enables us to create solutions that suit our needs rather than modifying our needs to fit with the solutions available. GLOSSARY ARP: Address Resolution Protocol. Protocol used to map an interface's IP address to the hardware address of the network card. Daemon: A programme that runs in the background and performs a specific task. A Web server is usually implemented as a daemon. Data Pipe: Daemon that accepts a TCP/IP connection from a client and forwards it to another host and port. Note that the host can be any host including the host on which the daemon is running. DNS: Domain Name Service. Distributed database used to map host names to IP addresses and vice-versa. Hardware Address: Unique number associated with each network card used with low level protocols. Host: A computer on the Internet. Localhost: Interface on a computer that loops back to the computer on which the interface resides. HTTP: HyperText Transfer Protocol. 
Protocol used by the World Wide Web. IMAP: Internet Message Access Protocol. Protocol used to view mail in remote mail boxes. Interface: Software access point to network hardware. IP: Internet Protocol. The underlying protocol used to transfer data on the Internet. IP Address: Unique number assigned to each interface on the Internet. IP Aliasing: Kernel option that allows multiple interfaces to be assigned to a single network card. ISP: Internet Services Provider. An organisation that provides internet connectivity and other related services. LAN: Local Area Network. Network used to connect boxen at close proximity. NFS: Network File System. Method of making a directory and its contents available to other boxen on a network. Redundancy: The ability to keep functioning at some level after a failure. POP3: Post Office Protocol. Protocol used to download mail from remote mail boxes. Proxy: A service by which requests for information from services such as HTTP are done on behalf of clients and the information is returned to the client. The information collected on behalf of the client may be kept in a local cache on the proxy server. Port: A software access point to a host. Hosts have multiple ports and daemons typically listen on a specific port or ports for connections from clients. Service: A source of information that users access. e.g. A HTTP server provides web pages. SMTP: Simple Mail Transfer Protocol. Protocol used to transfer email over the internet. SMTP relay: SMTP server that forwards email from one box to another. TCP/IP: Transmission Control Protocol / Internet Protocol. Pair of protocols that provide a connection based service used on the internet for protocols such as HTTP and SMTP. /etc/hosts: A file on Unix systems that maps host names to IP addresses. REFERENCES References [HM] hm@seneca.muc.de Harald Milz. Linux High Availability Howto. 
http://www.muc.de./~hm/linux/HA/High-Availability-HOWTO.html, http://sunsite.unc.edu./pub/Linux/ALPHA/linux_ha/ High-Availability-HOWTO.html, February 1998. [OP] oskar@is.co.za Oskar Pearson. Squid Users Guide http://cache.is.co.za./squid/, September 1997. [YV] jmcdonal@unf.edu Yuri Volobuev. Playing Redir Games With ARP And ICMP http://www.rootshell.com./. Creating Redundant Linux Servers - TEXT VERSION fake-1.1.11/docs/arp_fun.txt0000600001567400156740000010066711225055712014714 0ustar hormshorms [ http://www.rootshell.com/ ] Playing redir games with ARP and ICMP by yuri volobuev [ -Intro- ] There're bugs and there're features. All too often the distinction between the two is in the eye of the beholder. I'd like to show how two legitimate protocols, ARP and ICMP, while properly implemented, can be used to achieve something which is, well, not desirable. While passive attacks (sniffing) that take advantage of the root access to LAN are extremely popular and every half-way decent root kit has some kind of a net sniffer, active attacks are not nearly as widespread. Yet, active participation in the life of your LAN may bring lots of fun and joy. You knew that already, it's just that technical details had been somewhat obscure. So, let there be more light. Possibilities outlined here include spoofing and DoS. While other means of spoofing, such as IP blind spoofing, are more general and powerful, in terms of who can use them, they require quite a lot of (guess)work and may be hard to implement. ARP spoofing, on contrary, is very easy and robust. While ARP spoofing is only possible on a local network, it may be a serious concern as a way to extend an already existing security breach. If somebody can break into one machine on a subnet, ARP spoofing can be used to compromise the rest of it. 
[ -Background on ARP- ] [well, originally i wrote few paragraphs outlining arp, but then i figured that if you didn't know how it works already, you'll need to learn it from a better source. I recommend "TCP/IP Illustrated" by W.Richard Stevens.] [ -What can be done- ] Let's consider a hypothetical network IP 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 hostname cat rat dog bat hw addr AA:AA BB:BB CC:CC DD:DD (for short) all connected by Ethernet in some simple way (i.e. no switches, no smart hubs). You're on cat, you have root and desire to break into dog. You know that dog trusts rat, so if you can successfully spoof rat, something can be gained. First thing that comes to mind (I think everybody was thinking about this at some point) is "why don't I set my IP to the IP of that other machine and..." That won't work, at least it won't work reliably. If you tell Ethernet driver on cat that it's IP is 10.0.0.2, it'll start answering ARP requests to that IP. But so will rat. It's a pure race condition, and there's no winner. However, you can easily be the loser, because this particular situation happens quite often when some box is misconfigured to use somebody's else's IP, so many implmentations immedeately notice that and loudly complain. Many network traffic analyzers flag that, too. Seeing a syslog message saying something nasty (mentioning cat's Ethernet address) on the LAN admin's console is not quite what you want. And what you want you won't necessarily get, that is getting anything remotely close to a working connection. This of course can be helped. The attached program, send_arp.c, can be a useful tool. Just as its name says, it sends an ARP packet [ARP reply, to be exact: since the protocol is stateless, reply will be happily accepted even if no one ever asked for it. Request would do just as well, though, because of the ARP caching logic] to the net, and you can make this packet to be what you want. 
What you want is an ability to specify source and target IP and hardware addresses. First, you don't want your Ethernet driver to talk too much, and it's easy to accomplish with ifconfig -arp. Of course, it'll need ARP info anyway, so you'll have to feed it to the kernel manually with arp(8). The critical part is convincing your neighbours. In the case being described here, you want dog to believe that rat's hardware address is that of cat (AA:AA), so you send ARP reply with source IP 10.0.0.2, source hw address AA:AA, target IP address 10.0.0.3 and target hardware address CC:CC. Now, for all dog knows, rat is at AA:AA. Cache entry would expire, of course, so it needs to be updated (request needs to be resent). How often depends on the particular system, but every 40 sec or so should be sufficient for most cases. Send it more often if you want, it won't hurt. A complication here could come from an ARP caching implementation feature. Some systems (e.g. Linux) would try to update their cache entries by sending a unicast ARP request to the cached address (like your wife calling you just to make sure you're there). Such a request can screw things up, because it could change victim's ARP entry that we just faked, so it must be prevented. This can be accomplished by feeding the "wife" system with replies so that it never has to ask for it. Prevention is the best cure, as always. This time, a real packet from dog to rat should be sent, it's just that cat will be sending it, not dog, but for rat there's no way to tell. Again, doing it about every 40 sec is usually OK. So the procedure is simple. Bring up an alias interface, e.g. eth0:1 (or use your current one, whatever), with rat's IP and ARP on -- you need to set up some cache entries first, and it won't work on non-arp interface. Set up a host route entry for dog through the right interface. Set up a cache entry for dog, turn off arp, and it's all set. 
Now, inject the venom with send_arp (hitting both dog and rat) and for all dog knows, you're on rat. Just remember to keep sending those ARP packets to dog and rat. This attack only works on the local network, of course (in general, it can reach as far as ARP packets can get, usually not too far because ARP packets are almost never routed). But an interesting extension here is taking this outside by replacing dog's hardware address in the above plan with the router's. If it works (I'm not sure it always will, router's ARP implementation may be tougher to fool, and since I don't want to try it on real routers, I don't know, but there's no simple reason why not) you can easily impersonate any machine on the local network to the rest of the world. So the target machine could really be anywhere, but the machine you're impersonating must be on the same LAN. [ -What else can be done- ] Aside from spoofing, there's range of other things you can do with ARP. The sky is really the limit here. DoS is the most obvious application. Feeding victim wrong hardware address is a powerful way to make it mute. You can prevent it from talking to any particular machine (and ARP cache size usually allows for the whole network to fit in, so effectively you can stop it from talking to everybody for some time). Obvious target would be the router. Cache poisoning again should be two-way: both the victim system and the system you don't want victim to talk to should be fed. The simplest case would be feeding a non-existant address. It's not the most efficient, though, as the system will quickly realize that it's talking to nobody and send out an ARP request. Of course, your next drop of poison will nullify this, but you have to do it quite often. A more efficient approach here is feeding the victim with the hardware address of the wrong machine, which itself is alive and well. 
Again, it depends on a particular situation, but very often what happens is that victim keeps sending out packets of various types that arrive to the wrong destination, and destination system will promptly send ICMP Xxx Unreachable messages back, thus emulating a connection in some perverted way. This pseudo-conection can easily postpone cache expiry. On Linux, for example, pseudo-connection raises cache expiry from usual 1 min to about 10 min. By that time, most or all TCP connections are screw up. Could be quite annoying. This way, one ARP packet can screw someone. An interesting twist here is so-called "gratuitous ARP". It's when the source and target IPs in the ARP request are the same, and it usually appears in a form of an Ethernet broadcast. Some implementations recognize it as a special case, that of a system sending out updated information about itself to everybody, and cache that request. This way one packet could screw up the entire network. It must be admitted, though, that gratuitous ARP is not really defined as a part of ARP, so it's up to vendor to (not) implement it, and it's becoming increasingly less popular. ARP is a serious tool for professional practical jokes, too. Just imagine somebody setting up a relay, or tunnel, in a form of own machine that convinced two neighbours to send their packets intended for each other to relay's Ethernet. If relay just forwards packets to their real destinations, no one would even notice. However, some simple data stream modifications could have quite a spectacular effect on one's mental health. A simple, CPU-inexpensive "filter" could be swapping random two bytes at irregular long intervals. If it hits the data portion, most of the checksums won't change, i.e. data stream would seem to be intact, yet strange and unexplicable things _will_ happen for no apparent reason. 
[ -ICMP redirects- ] An effect somewhat similar to ARP cache poisoning can be achieved in a different way, again using a legitimate protocol feature, ICMP route redirects. Such a redirect is normally sent by the default router to the system to indicate that there's a shorter route to some particular destination. Originally, both network and host route redirects were proposed, but later net redirects were deprecated and now are usually treated as host redirects. A properly constructed ICMP packet that passes all sanity checks (it must come from the default router for the destination it's redirecting, new router should be on a directly connected network, etc.) causes a host-route entry to be added to the system routing table. The concept is just as secure as ICMP itself, i.e. (security)NULL. Spoofing the router's IP address is simple, and attached icmp_redir.c does just that. Host Requirements RFC states that a system MUST follow ICMP redirects unless it's a router. And indeed all the systems I've tried happily accept it (except vanilla Linux 2.0.30, where it's broken, it works in 2.0.29 and 2.0.31pre9, according to Alan Cox). ICMP redirects present a rather potent DoS. Unlike ARP cache entries, those host routes won't expire with time. And of course no access to the local network is required, the attack can be launched from anywhere. So if the target system does accept ICMP redirects (and packets can actually reach it) that system can be stopped from talking to any particular address on the net (well, not all, but those that aren't on the same subnet with the target). Nameservers would be an obvious target. [ -What can be done about it- ] ARP is a low-level protocol and as such is usually hidden from normal people. LAN admins may be concerned with it at times, but if all goes well no one pays attention. One can always inspect the contents of the ARP cache using arp(8), especially if there's some mysterious network problem, but again it's not the first thing that comes to mind. 
Even W95 has an arp command, and remembering about it may be helpful in certain situations. However, if you're the target of an attack originating from another network via gateway arp spoofing, there's no way to tell. Similarly, the host routing table could be examined to spot ICMP-generated entries (in most versions of route(1) they are marked with the letter D in the flags field). Just be aware. The above ARP attack scheme works perfectly for plain old 10Base2 Ethernet. However, if machines are interconnected in some more advanced way, particularly using some smart hubs or switches, the attack can be more visible or even impossible (same goes for passive attacks). So there's yet another reason to invest in a good piece of network equipment. A good deal of peace of mind may just come with it. In general, however, I personally find it rather sad that things like ICMP redirects were made a default. First, it's often not necessary because many networks have a very simple structure and there's never a need for anything in addition to the usual routing table. Second, on more sophisticated networks the routing table can be just as well set manually, it's not really such a dynamic thing, so why do it via ICMP? And finally, it's dangerous, so I would like to disable it on my systems, even though it'll make them less compliant with RFC1122. Alas, it may not be easy. On Linux or any other OS with sources available, I can at least hack the kernel and #define it out. On Irix 6.2 and possibly other versions one can set icmp_dropredirects=1 with systune (I'm genuinely surprised to see it there, I really am). Other OSes may be configurable, too; I have no information. With ARP, we basically face a situation where the problem of name resolution is solved dynamically without a centralized server. It doesn't have to be this way. When one wants to map a hostname to an IP, a nameserver is queried or /etc/hosts is consulted, i.e. there's some static mapping established. 
I don't see why a similar thing can't be done with ARP. Ethernet hardware addresses don't change too often, and when they do change, it won't kill the net admin to change the corresponding map. Ethernet can be forced into no-arp mode; you just need to make sure your ARP cache has all the entries marked as permanent. As a bonus, this will reduce network traffic somewhat. Standard procedures can be used to distribute the ARP map, e.g. rdist, rsync (I would say NIS, but if you use NIS, ARP is probably not your top security concern anyway). The old tradition of /etc/ethers can be brought back to life. But getting a kick-ass Ethernet switch still looks better to me (paying for it does not, though). And old wisdom still shines bright through time: don't use hostname-only based auth. Those who do shall have no mercy from net gods. cheers, yuri P.S. On Firewalls I anticipate that many of you, having read the section about ICMP, are already flexing the fingers preparing to write a follow-up explaining that all those ICMP packets can be filtered out on the firewall, thus it's not a problem. Please don't. I'm well aware of the concept. And if you feel you absolutely have to, don't cc the list needlessly. I have to note that many people use "i have firewall, and I like it, therefore everyone else should get one or get lost" logic to argue that certain security problems are less serious because they can be effectively eliminated by putting a firewall between the protected network and Internet. While I fully agree that having a firewall is very good for security, I want to note that it's not always possible or effective. Imagine an environment where all machines are directly connected to Internet, you have to share a subnet with people you don't know who have vanilla SGI boxes screaming "hack me pleeeease, my vendor did such a great job of making it eeeeeeasy" all over the place (and sure, these people know Unix, they've seen it in Jurassic Park... 
and that would be about it), and the router to your subnet is controlled by a separate organization. Welcome to a standard academic environment, where people don't use firewalls. In fact, in some of those environments one would be useful to protect the outside world from the people on the inside. Still, people work there, and use computers, too. And that's where per-host security solutions are necessary, it's a jungle where every host is for itself. So please, next time you think "firewall", remember, it's not for everyone. CUT HERE /* send_arp.c This program sends out one ARP packet with source/target IP and Ethernet hardware addresses suuplied by the user. It compiles and works on Linux and will probably work on any Unix that has SOCK_PACKET. The idea behind this program is a proof of a concept, nothing more. It comes as is, no warranty. However, you're allowed to use it under one condition: you must use your brain simultaneously. If this condition is not met, you shall forget about this program and go RTFM immediately. yuri volobuev'97 volobuev@t1.chem.umn.edu */ #include #include #include #include #include #include #include #include #include #include #define ETH_HW_ADDR_LEN 6 #define IP_ADDR_LEN 4 #define ARP_FRAME_TYPE 0x0806 #define ETHER_HW_TYPE 1 #define IP_PROTO_TYPE 0x0800 #define OP_ARP_REQUEST 2 #define DEFAULT_DEVICE "eth0" char usage[]={"send_arp: sends out custom ARP packet. 
yuri volobuev'97\n\ \tusage: send_arp src_ip_addr src_hw_addr targ_ip_addr tar_hw_addr\n\n"}; struct arp_packet { u_char targ_hw_addr[ETH_HW_ADDR_LEN]; u_char src_hw_addr[ETH_HW_ADDR_LEN]; u_short frame_type; u_short hw_type; u_short prot_type; u_char hw_addr_size; u_char prot_addr_size; u_short op; u_char sndr_hw_addr[ETH_HW_ADDR_LEN]; u_char sndr_ip_addr[IP_ADDR_LEN]; u_char rcpt_hw_addr[ETH_HW_ADDR_LEN]; u_char rcpt_ip_addr[IP_ADDR_LEN]; u_char padding[18]; }; void die(char *); void get_ip_addr(struct in_addr*,char*); void get_hw_addr(char*,char*); int main(int argc,char** argv){ struct in_addr src_in_addr,targ_in_addr; struct arp_packet pkt; struct sockaddr sa; int sock; if(argc != 5)die(usage); sock=socket(AF_INET,SOCK_PACKET,htons(ETH_P_RARP)); if(sock<0){ perror("socket"); exit(1); } pkt.frame_type = htons(ARP_FRAME_TYPE); pkt.hw_type = htons(ETHER_HW_TYPE); pkt.prot_type = htons(IP_PROTO_TYPE); pkt.hw_addr_size = ETH_HW_ADDR_LEN; pkt.prot_addr_size = IP_ADDR_LEN; pkt.op=htons(OP_ARP_REQUEST); get_hw_addr(pkt.targ_hw_addr,argv[4]); get_hw_addr(pkt.rcpt_hw_addr,argv[4]); get_hw_addr(pkt.src_hw_addr,argv[2]); get_hw_addr(pkt.sndr_hw_addr,argv[2]); get_ip_addr(&src_in_addr,argv[1]); get_ip_addr(&targ_in_addr,argv[3]); memcpy(pkt.sndr_ip_addr,&src_in_addr,IP_ADDR_LEN); memcpy(pkt.rcpt_ip_addr,&targ_in_addr,IP_ADDR_LEN); bzero(pkt.padding,18); strcpy(sa.sa_data,DEFAULT_DEVICE); if(sendto(sock,&pkt,sizeof(pkt),0,&sa,sizeof(sa)) < 0){ perror("sendto"); exit(1); } exit(0); } void die(char* str){ fprintf(stderr,"%s\n",str); exit(1); } void get_ip_addr(struct in_addr* in_addr,char* str){ struct hostent *hostp; in_addr->s_addr=inet_addr(str); if(in_addr->s_addr == -1){ if( (hostp = gethostbyname(str))) bcopy(hostp->h_addr,in_addr,hostp->h_length); else { fprintf(stderr,"send_arp: unknown host %s\n",str); exit(1); } } } void get_hw_addr(char* buf,char* str){ int i; char c,val; for(i=0;i= 'a' && c <= 'f') val = c-'a'+10; else die("Invalid hardware address"); *buf = val 
<< 4; if( !(c = tolower(*str++))) die("Invalid hardware address"); if(isdigit(c)) val = c-'0'; else if(c >= 'a' && c <= 'f') val = c-'a'+10; else die("Invalid hardware address"); *buf++ |= val; if(*str == ':')str++; } } CUT HERE /* icmp_redir.c This program sends out an ICMP host redirect packet with gateway IP supplied by user. It was written and tested under Linux 2.0.30 and could be rather easily modified to work on most Unices. The idea behind this program is a proof of a concept, nothing more. It comes as is, no warranty. However, you're allowed to use it under one condition: you must use your brain simultaneously. If this condition is not met, you shall forget about this program and go RTFM immediately. yuri volobuev'97 volobuev@t1.chem.umn.edu */ #include #include #include #include #include #include #include #include #include #include #include #include #define IPVERSION 4 struct raw_pkt { struct iphdr ip; /* This is Linux-style iphdr. Use BSD-style struct ip if you want */ struct icmphdr icmp; struct iphdr encl_iphdr; char encl_ip_data[8]; }; struct raw_pkt* pkt; void die(char *); unsigned long int get_ip_addr(char*); unsigned short checksum(unsigned short*,char); int main(int argc,char** argv){ struct sockaddr_in sa; int sock,packet_len; char usage[]={"icmp_redir: send out custom ICMP host redirect packet. 
\ yuri volobuev'97\n\ usage: icmp_redir gw_host targ_host dst_host dummy_host\n"}; char on = 1; if(argc != 5)die(usage); if( (sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0){ perror("socket"); exit(1); } sa.sin_addr.s_addr = get_ip_addr(argv[2]); sa.sin_family = AF_INET; packet_len = sizeof(struct raw_pkt); pkt = calloc((size_t)1,(size_t)packet_len); pkt->ip.version = IPVERSION; pkt->ip.ihl = sizeof(struct iphdr) >> 2; pkt->ip.tos = 0; pkt->ip.tot_len = htons(packet_len); pkt->ip.id = htons(getpid() & 0xFFFF); pkt->ip.frag_off = 0; pkt->ip.ttl = 0x40; pkt->ip.protocol = IPPROTO_ICMP; pkt->ip.check = 0; pkt->ip.saddr = get_ip_addr(argv[1]); pkt->ip.daddr = sa.sin_addr.s_addr; pkt->ip.check = checksum((unsigned short*)pkt,sizeof(struct iphdr)); pkt->icmp.type = ICMP_REDIRECT; pkt->icmp.code = ICMP_REDIR_HOST; pkt->icmp.checksum = 0; pkt->icmp.un.gateway = get_ip_addr(argv[4]); memcpy(&(pkt->encl_iphdr),pkt,sizeof(struct iphdr)); pkt->encl_iphdr.protocol = IPPROTO_IP; pkt->encl_iphdr.saddr = get_ip_addr(argv[2]); pkt->encl_iphdr.daddr = get_ip_addr(argv[3]); pkt->encl_iphdr.check = 0; pkt->encl_iphdr.check = checksum((unsigned short*)&(pkt->encl_iphdr), sizeof(struct iphdr)); pkt->icmp.checksum = checksum((unsigned short*)&(pkt->icmp), sizeof(struct raw_pkt)-sizeof(struct iphdr)); if (setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&on,sizeof(on)) < 0) { perror("setsockopt: IP_HDRINCL"); exit(1); } if(sendto(sock,pkt,packet_len,0,(struct sockaddr*)&sa,sizeof(sa)) < 0){ perror("sendto"); exit(1); } exit(0); } void die(char* str){ fprintf(stderr,"%s\n",str); exit(1); } unsigned long int get_ip_addr(char* str){ struct hostent *hostp; unsigned long int addr; if( (addr = inet_addr(str)) == -1){ if( (hostp = gethostbyname(str))) return *(unsigned long int*)(hostp->h_addr); else { fprintf(stderr,"unknown host %s\n",str); exit(1); } } return addr; } unsigned short checksum(unsigned short* addr,char len){ register long sum = 0; while(len > 1){ sum += *addr++; len -= 2; } 
if(len > 0) sum += *addr; while (sum>>16) sum = (sum & 0xffff) + (sum >> 16); return ~sum; } ------------------------------------------------------------------------- > all connected by Ethernet in some simple way (i.e. no switches, no smart > hubs). You're on cat, you have root and desire to break into dog. You know > that dog trusts rat, so if you can successfully spoof rat, something can be > gained. Actually with a bit of care the arp spoofing attack you describe works through simple mac filtering devices. Not only that but a switched network allows you to make purely unicast address attacks that the monitoring station won't see as the lan admin is himself switched from your packets... See below. > router's. If it works (I'm not sure it always will, router's ARP > implementation may be tougher to fool, and since I don't want to try it on > real routers, I don't know, but there's no simple reason why not) you can You can generally fool routers fairly easily too. > from usual 1 min to about 10 min. By that time, most or all TCP connections > are screw up. Could be quite annoying. This way, one ARP packet can screw > someone. ARP is a poor choice for this IMHO. The 802.1 spanning tree algorithm used by bridges and switches to avoid loops has no protection either and this allows you to shut down entire ports when you can do MAC level attacks rather than messing around host by host. > screw up the entire network. It must be admitted, though, that gratuitous > ARP is not really defined as a part of ARP, so it's up to vendor to (not) > implement it, and it's becoming increasingly less popular. Gratuitous ARP is a required part of IP mobile. It is an awkward case. The linux approach is to always honour ATF_PERM flags. That is if you create a permanent entry it will never be replaced by a learned one even temporarily. That allows security concerned people to hardcode addressing. 
> Host Requirements RFC states that system MUST follow ICMP redirects unless > it's a router. And indeed all the systems I've tried happily accept it > (except vanilla Linux 2.0.30, where it's broken, it works in 2.0.29 and > 2.0.31pre9, according to Alan Cox). Yep. Thats simply a quirk of a bug. A Linux host (as opposed to router) will like everyone else honour ICMP redirect unless you firewall or turn them off. A router never honours them (its strictly forbidden) > ICMP redirects present a rather potent DoS. Unlike ARP cache entries, those > host routes won't expire with time. And of course no access to local No. ICMP redirect host routes expire after a few minutes. The host has to do this so that a temporary situation does not cause a permanent change. If you are lucky enough to be on a switched network with a big netmask (class B or bigger) then you can also use ICMP host redirects against many boxes to add 65000+ routes to their tables. Unixes generally eat ram and carry on as they have good routing algorithms designed to cope with the backbones. Many "desktop OS" products use linear searches for their routes..... > The above ARP attack scheme work perfectly for plain old 10Base2 Ethernet. > However, if machines are interconnected in some more advanced way, > particularly using some smart hubs or switches, attack can be more visible > or even impossible (same goes for passive attacks). So there's yet another > reason to invest in a good piece of network equipment. A good deal of peace > of mind may just come with it. A filtering hub lets you perform this attack ping the two hosts you wish to snoop between. Using the mac address you learn via arp send both a unicast arp giving yourself as the answer for the other IP address. Route between the two yourself and log the frames. Better yet, the admin on another port is filtered from your unicast frames. Nothing they can see coming out of their hub is likely to show up the attack. > compliant with RFC1122. 
Alas, it may not be easy. On Linux or any other OS > with sources available, I can at least hack the kernel and #define it out. > On Irix 6.2 and possibly other versions one can set icmp_dropredirects=1 On Linux you can firewall icmp redirect packets specifically - ditto, I'm sure, *BSD. That makes it a single line command option. > permanent. As a bonus, this will reduce network traffic somewhat. Standard > procedures can be used to distribute ARP map, e.g. rdist, rsync (I would say > NIS, but if you use NIS, ARP is probably not your top security concern > anyway). Old tradition of /etc/ethers can be brought back to life. But > getting a kick-ass Ethernet switch still looks better to me (paying for it > does not, though). You have a fundamental problem, and this is why neither IPv6 nor bootp is any more secure against these forms of attack. Unless you burn keys into the roms or onto the disks of hosts by a non-IP method you will never be able to set up the first secure session to learn the others - you have a problem akin to a PGP web of trust with nobody else to trust. With IPv6 you can at least theoretically implement IP-ESP (encryption headers) even on link layer "neighbour discovery" packets. In IPv6 there is local IPv6 rather than ARP thus one day we can crypt those too. -------------------------------------------------------------------------------- Having anticipated such a problem already (in our environment, there are many lab machines which have NFS access to user disks on a server. These machines may even be turned OFF which makes it easy for a spoofer to get in.), I wrote a short Perl script designed to be run from the system startup file. Basically, it "primes" the ARP cache on Linux with the IP and MAC addresses of known machines, setting a flag so that they are never removed from the cache and can never be changed. The config file format is simple -- IP address followed by MAC address, separated by whitespace. 
A pound sign (#) at the beginning of a line indicates a comment. This has only been tested on Linux -- people on other platforms may need to adjust the parameters to arp in the system call. It is a quick 'n' dirty program, but works -- maybe it will be useful to somebody out there, too. Note: you want to make sure that it is run after your network interface is brought up but before any servers or clients are started; otherwise, somebody may be able to sneak in a connection before the ARP tables are "locked". Note also that each host/address pair read from the file is interpolated into a single command string passed to system(), so the config file should be writable only by root. Here's the script: #!/usr/bin/perl # by John Goerzen # Program: forcehwaddr # Program to run ARP to force certain tables. # Specify filenames to read from on command line, or read from stdin. foreach (<>) { # For each input line.... chomp; # Strip if CR/LF if (/^#/) { next; } # If it's a comment, skip it. if (((($host, $hw) = /\s*(.+?)\s+(\S+)\s*/) == 2) && !(/^#/)) { # The text between the slashes parses the input line as follows: # Ignore leading whitespace. (\s*) # Then, start matching and put it into $host ($host, (.+?)) # Skip over the whitespace after that (\s+) # Start matching. Continue matching until end of line or optional # trailing whitespace. # Then, the if checks to see that both a # host and a hardware address were matched. # (2 matches). If not, we skip the # line (assuming it is blank or invalid or something). # The second part of the if checks to see if the line starts with # a pound sign; if so, ignore it (as a comment). # Otherwise, run the appropriate command: printf("Setting IP %-15s to hardware address %s\n", $host, $hw); system "/usr/sbin/arp -s $host $hw\n"; } } ------------------------------------------------------------------------- Some systems (notably BSD variants) have the arp -f option: -f Causes the file filename to be read and multiple entries to be set in the ARP tables. Entries in the file should be of the form hostname ether_addr [temp] [pub] with argument meanings as given above. 
------------------------------------------------------------------------- Please note Yuri's original posting - unless you use the '-arp' option with ifconfig these "permanent" settings will get replaced! Also even with -arp any host that has not had the etheraddress set using arp -f or arp -s will be added to the arp cache. This is what I found with IRIX 6.2, HP-UX or FreeBSD and I would be surprised if any other OS was very different - the "permanent" flag stays set but the etheraddress will change unless -arp has been used. Easy to test by setting a nonsense ether for a host with arp -s and then sending a ping, comparing the arp cache before and after. Nothing appears in logfiles unless you have something monitoring arps such as arpwatch. ------------------------------------------------------------------------- I was playing around with the ICMP-redirect spoofing code from Yuri Volobuev and I've noticed some behaviors of IP stacks that seem to limit its effectiveness at spoofing on a LAN. I tried it on 3 Digital Unix 4 boxes, 2 Solaris 2.5 boxes, and an HPUX box, and got similar results on all of them. Quoting from W. Stevens TCP/IP Illustrated, Volume 1 page 123: ... Additionally, a 4.4BSD host that receives an ICMP redirect performs some checks before modifying its routing table. These are to prevent a misbehaving router or host, or a malicious user, from incorrectly modifying a system's routing table. 1. The new router must be on a directly connected network. 2. The redirect must be from the current router for that destination. 3. The redirect cannot tell the host to use itself as the router. 4. The route that's being modified must be an indirect route. ... So, basically, if you have two machines on the same subnet and they both have a net route for that subnet, then you can't use ICMP to re-route one to another. At least this is true for the boxes I've tried it on. 
You can still use redirects to forward traffic destined for hosts that are on a different subnet or outside of the network. humble - jmcdonal@unf.edu fake-1.1.11/docs/redundant_linux.ps.gz0000600001567400156740000022650311225055712016705 0ustar hormshormsr86redundant_linux.ps{$/ o" \`ds-Js!` `0XtWK}O[5-軯;iO*4Χh4/?9o}Owo~|O_}:?_~<}%o>_~o%%?G?a_|{nyo݃[wtZ^>|˯k:LJ8ek^˕/'u(a`}8?|,%w%~~Sww:Zۿ/~ǿ{Òg3/_=|_~]ykgo\#7||>7aa퇥M>. z?<њXo?)~g"?|fv/_Ç?~ݷKMmE%O,ϿcVS\_w>X>`oˏ?gȋ ?w_gJ~XBg9z?Eп^[_e\)܇vUc<,|X񳯾aiϯlp/ۚ7}R@\_~T뇯~_R]j5WX# BMYexmC0<|jQMkK/~q!ר͇oohE͇U#Z*O r_|?qOkXSTQl."UF>_o/Ju,|e} }E;QJ,|[%/co,m\%o(Q_ V ?yTv ]UC.èH_~ q$u`˰O='t~Z_>Rϗ ?,)_>~K-z_VEʫ4:hV6ˇ2tQ+D_Ҫx4_d]~?|jo=oo?/P:u֩>F/x+EW; Z>= '^zYU@VEa)Rl*<Tw aQ*]\eSOk2_-"Uӟ//T/ڃUK Tq/(?,\/5:uFZ}\+R`g$(Swː8{fbVI'zPs%SE;X\z{]?xT5PҮfG@ %f>~u2/_}jjˣ6ǵ5? Ӊd a9? S"K[sЮy#и.~WayqLJW_/ J}X,J:B@jMDR^5h4CkO'a!ǟ*j׋x7#F>s#+MY%_߮t+}w++U9:- O,yRKyNu|^5b$KdlYcN9Ǔ{zKU-]TuI?[oZg|*QrZF+5 2)$.\I'&9f҅ ӂ܂0O:\,Jt,+)F̥f>$>7\2k@AJkEFU˗ Qe'?˻a^_"'׿s_^\bهK$\|yOS,mBf 6ʒz9kGbLSmFNV#Va+`oAjU-Pà4FBekժIy,5~44/U{,\âD)%`CN:7NT~ZjF,IskU?Tr* B%\Ք>(5]c$!Ua^!u* Nnx9w?j Jv= T o*ߌVEg#VJ+w\f!qEU',ۿR_}hl_j Oڱλu*Jޤ8Jںs1Pi˄u8\&I5S1(5-^(O(ed"۴$-Wfl*|oL,* qӶ)]M !E ^B*ÉeS"ۗ͆' FF$SF5j.Dtʙ-:v e8us-/ٷj]f41!N-2)zU9/Z#M)4%%M8c9ЀFd=VEBvOlYOYX1sqUH\LجeP|B֖B-ƳHt.ژ楆f^UsQIuMQͿU˕UKTGO?z}_R M1p<_T_nc-V.d2J}'`3zUv:+]1Z+%lgYleȗE'7/@8-:1^ҝ::W:a-&Uz*K44ShWNΚ-!a:lOUzOU&sY8lzB]e)U.a(嗼.|4Q 8Xu1 =3e%W: Wt 9 +\(nCESC=W@M>>w@z Iu+3$j-[4bH9.C:"jƘ5yκ!1ɑ+qYU-.9 &pRQei)j=G9fGq0}fqzƆ+ve`s\ukxvW!IWG)<-g ϋ ʁe˸"_choOg8uIFzPTimYn&?'_xK{nnꨙt{O6] G#~Ju 3zK҃u#,M^ٺ|>Nk. 
ۑ5O:tA1J(,4B[aV9:k2K̉Z!3Y˱>k!\#-*GfA=ϑT0U0&ʉ9aT͊ ",:˕T7+.J̖t5Ut]SnMg[RU\XL~jnIUq$!C.⬏l0s=V-ă^HFp`YV?'4vD4tPk>e$lCFe62sOVaz ͪDiH< UV%>a+V//!uC5րƄC)~z79ٙDВ]3qԏ'ËLMVxlAvtmbsF>QİQlܶIhڐ{ lͩQ#IC׋]Bj]xaoZ^~2N܎_7ҊA ʵѢ}e.u>,PPSx.tJՈx/Y7f|%kZq!P@;>(oP!"98 iD䡺WwrKl`(9R(zLlQ!p@ыB5å 37v&eJXk3Md ͎cxi6JD@ëD:PxNP&O9g רi9_-uLUƇ=Bm"P9ÄҵG"ŐqP*\rz{^w\uxtrX_.@Qc=fR-` &&'a =5aDiaƄv3NE~<*0 lAb>\+oMdCAÛ(1# u2V}`ZqmL76(xFqY(|Gd3ITPuH_l\LRU\qUƖ'NSğPҡ`ŘP M|Bc _KيsCk#vIpx긭UGRP/hVA"O&>\}g ~y:$sޢyR57=R)ÖV8LDlU)?,Io-&`Li{3; לMgLALrU*&5 ՄI|K-C}!yWfUȶпp<_kB'S\g!V1up'":2~iv6ܡ`*'8IƈZ,w,EWfYzdxͧ4`;OP@k4 +8YWL}͖enDc.Ky1jvUxU@DEFsAnUiPEL^1o7[ 8No6yu;߄T䡝2@^NL9wlC!- t1n2b1gnW+/nƿF r9D✧g&]":KxAV;b DԿ5,vF`9Wp^<ׇxG`mI_~w#Lo*[[߳ p4$U͸ _EXއsϧP$#}\c(ڬ3i5'uBm *{sd%$~(R쿰Pɺ7)'p"#b Sk" 4. a6IZӮ,VDmP_jMQ3QZ8]YKP>?Rg sT^J %NL.ʣO@7nmyԻNjk.Ѵ^FjV..R3,#Ɉ߿<#| !'],ً6i7S;Ec IѳH& Y1a-Q:f]MZd0 ғsVt;2lR]46}J<¹B7NPq񁵥۾oMFdjuFW:M,6e]jk/V[DXx?A@ioYHPեRFSH-<>!46w:fsPsE e N,fS1=OPG,sP"ߒ!MCbߡL]Eo̹$G'f((J:#EgBRreXGxqG9zk*߮V\ǹ tͩˠMbm(e x8)͋< m_wOzpw} )!bZ 2n5業Nؑ'd7&G`C)3DBZ-/Ȕ\"' nI 6E DSQi=a@;:uwe!BctFePdUuHʴM˄ґMxuDտJ;Ո":шB9P|;1_:sBn2n!)ۿ7'f%zpx~>8J$֛XNʏo^B9jhy+ b.vKh*xL._ry,0uR(3-KX @W:íl$%5^#kct|>F:%)?qBQT6 S>^ݙQ6Ka Ô^0e\2,( UuDU9Jڀy%*SC5U*Wf[8`p`YX>Gƥ!>紞m94D-+8IәT~ݑFX c,s<uDg"ks:{Kc9ڽBJcûawެS-iՠv U@<Ƽ~.'XÄ&υbϰ*J庣TВyS? ]B̷d^ GOeJTA=:tUqh|SډKC8롲5AԈP4vPAY*FD ہmYm6hcO`Yѕ,r]'t6+~,{-Wv0QsHb34|lxh+@5D`s3} dly_.A{w)l` /lmV{/oqf7ui,)7ǚEF]kSLl)qjY6]peI'L''JJ_4ݍ+$T7Օʐ<;IZ\CSvx/HQMB/ފǤ&}@oмPǶqXM\z6z^9rK"n\GnH3 TNS&!(3Yzt!rc5AU+ pˤ/ʛR$R NrUEQF uALˑT|n'[4%d >7*t:t+l<ꕁڔF 㔔^-)P pzmK@owp0jwtysd![ 8̝>"6\66-S ި!mYV2it0\<[nrPOݳfR0yV i!dnRmE%f~Ho\E˜%{Ќ@c<>> Jj1SB OtB ѧ>%P\o0Aޜ2ɸv$n/dp+)O }Jhw<^uȇ>"cѲ/7~ɭWj&eb6d(Zȝ%YER(Na(>[5cYdql kJ~۱ _F;QѴz2ڟ{-RйvP3Wr(lE#4mpK=^ѫ(>黮>µG% n;w4:"1b_jiK/ =~`m؊leTkb;}@XѩACNNA(!\йE C?pKdfz5K1nAIFVPx}$nO ޓ0M u_~ܙ0M /y4Dg{(}|~q3.?[1Uqf$>O.V e',[֌e:>4q"Rҥ}馃<3Z.rf׎Ϙu-rAQɃDm2k> N?6{nd4ssK|@Iċ]LTu8J)PgfZ©l SLϗ#I'JntR.tyJ!8Q; F4ءg8@b5&%2s\pOJ! 
ٴ֑ϗ===Whi G" ;87~;O EB$* ) ;g@&Ar=;13_.c&FDO⤞r&&֑hAMq2"F+FҐ tf#ȟOBwv?m<^@6=:,씬G)xoOyz.A8i TRO /9?O,:Ş$V$ݬ7VYΪ-$R6pb Ǯwln|.P~O:@S+a+fg=|U6ݿH6Ԭ4<_i D]Ҥ 3[Wֱ;纾/8Nj^ҋHL?DAgp󄫝KEOBZiroz"_[س+c<m ۿPmՆ52BfII0[ )=y3p/ t_Da+|oL)zvD;hBgfs)W??;BPqbW8E٨XA܈|JM-aBFk2b? $P-S\>QKBQ5v2jf:t^UڛO %ĺ=Vm,݃O3/#.㗡B .r?{`B_Ѐ~/HBmا"Z=-p/O/w8g̷/wܝ _WxokF% _:i&kJ|3iɶW\'K;WZej< .Q͜64=Jaީi`ϪD껤\E[OWٓjTK%ESkY)r[S$9xņ Zla^nVq\VQݿis2П"!k}vtx1N)Aml4W_!j~ v=0:Md -` '2 3<=Q/S"&7 ap!pC)Ў8Q_<4 i!'_C}mr6-ć!^`~_r6-$WK> R`vm!0pϏunuCweψVDL՘N;FI)΄ =tSrĜ xѓCu!RU$",Oaj<5mN(W3# Tk~y9QA X>~a!>xxmD{mPuRzeT9Cry VrےO\Ѝfr_ o 4 *`1 e 6D\"|):\6AǓ$"6\ڤ(_EV  =n@BfMs=_ЛQ} zZ?DHDzB d$KX4hV9kW5 V$# _1L/FNYfs=:#]zVE<b ҚK9$8 -Yh4]I끬LPG]Ve o9!tQ)/|z~ PՉd0Seuj)CT6[9k(i˕&S d~ƽ'44Uw4)uJ'E&z1V 9gM'%zrb%FT2\%12w234 ,-cף|t|K#Z]R7jx9%vjxRMsg16h"p=Cй帹lF([ K^`E+8E6n&&n}JBG/:jL[^7!hgeJ +\/54ggZi*V8bda YcЧp' [s:* -5a@~E'Mx亸i.Z`RT03)D\C%@R7B1?cEGVF@;~Fޙ~o*O~:*~l)XvY OG"y3.,>Y'\<0_$ "ؓI PvXWb6"WLRwg1Ħ[8x6[> [3KnY<ϑ?\W~[hqM5o\gF8[#a@# &1V0 $<T"|QYG|x9MFa:Em*EiOcKx$ 1FXDRZbwLZ7T5JȾ^MWIHkS7*Pw!G"}6Y$/e>?OFh+. 
jF_\Jw 鈸!wЪWhJxw7 aaÅ.b3_JR_k(5\[q4Y|D\"Oc߹xdKíl>S>诿D ZZv><= //$7:zͶTV1Y^3U*SV]mO A;ɼ{Su'3qM!yy)aV5hsTC6DTnea~䡋w̓jK`ȫ]+[ՖB9bzOa+i+{- N8y~hy|j&1KwK)25|srYW(~ z!#_s{=>}~c Ɠ>6|/Kdz[fLs'206jj $bRnKk Y G"Y"&տi[loA`i~!F&S5D+x2O z~F$~ğkPPniM'#|M{*~QQ!B#M' gXتns}\!]m}v@ iHIV ;AJ|QKa$FTmHT۪ Y T#tFl@:b+flr%Fص,hH#EjIgtqLr.2rړjEx%nPƱjF14 .Rnv&soHm#ynim VL|~)fH p]Ib"\&',̫LJTTKv}?|+Zf9+V=iϝ5\V<IuX?:Ƨ:1M"|bO8cڽHaNParLA_T%X ,_Q:Xwk1SN hJQ;ۂvEo?Hn߉Xh[MY~&LIZ閿Zl}WvMB)`cE RH@HsG v#uA=-]?^{,vi~I~ڎtcBˣ_XBMY9jGq/!.M-e"tixu6NйFH`mH^"jϴZU#[m$O|/6g&I`@ #dR:dRZˈyħe{6ԡ4Peۙvm[/JtTڱ B :q5BL$@.;oR]B$}{(fiVR6ƳWWד8Uf3;*<`.H;jR"Fw'm#.]#H HLB58Jan5DEfPJv}P5jWfNd֖)x:ʆ4flƚ(Ki#9anǿސmZs] W`/Lo J[KP>ػ 7lBO"_t:%9xQǝ0R}gxCrӏ`/,16a~3 qxV/Vu@,]QȁzӔha<u?vPَ܄^ .Dɍ2nHQkFaD2[ V$W`#P|AIi)2j[G#?x{m'A}7ݰagĘW4dFm!4uTkFA w4}6*kG16^vaEVrroڢѬⶁ"NWlmki&g9SIq1*tG_tXG'ZrΒxK`.rsgf1i:./sЮ9ibd lP:$U'y -6&0yh;DA&$BTۻCv(yh<4j8B 5ծߞVЖm +¯g~(:s1z4VPj7 QH!QmHC&D|z< A0Js<4 CWBf{㝾3Cmpq3$wƪ7x(J Sˣ߼2n0m- [8w S|?Kq^E Э(L ZwAޖ(>fu7Sik(߀)O{5ͤ{Yi8TLiIo8䜔(^kމbL=zZSOrp/ iݝxR.?ѐ~=?3` !E4VnSٔA;V^'Nv+u堽 &hXGڐ TŶǒBXl-~Ĕ묬/^^&V¨G2MmVބBvx5 lc_-ZTZbݩS a0^Qqsnv ֱubڇIv@6^@CO0*Ɔa.=' }PV apmبJ} kD-JvރWEco)8a3۵8~7nSpQotPk8.i _ ߚ9L :m)[ 6a6=ƮM:qugMwh~{fDmt!KBkZL>x1Iijٮuc4vc4Ѡ5*qy1inǒ@ױBa Zޠ<-U; 쇑c4Ppy[_odoFC$e͊q-㍼{p(rvܛD7DM` ߎ-["pK=EMO"cv5F$/~1@]tk˾AbJL芞flwWӷFp3ك0k*|Q[Šڣ9P ˞&^k9R-?L6a*FhDf;8E0 6nl.Xqcsm=\}76iZqcsl=Ca7mӡmcs Z خq>t4 ؄Ph6ڱI Mѯ:/Foq(Eo'ƒxvSB[&DCt8Nq\w fc mDa>mvpRֳ*f1 T4L2O`͕P]ۂP03GB4 z(mi/kuycZ`Kd&us07v%3 B =P`7&mM mg%߼ 4zftϨ]nA2iuXq:H}cM!/6x4  >:ho`=Px}coj[}sp*BǐU<|,4vU9ve']l<`k `8Yݗf송IBFrgGuz7NϪ.]iXqPkc,|Vncuq4;v1zv|n`'S o-y hef~u+]jNU*e*j ڷ!2Y$TZ$ l&BD!nԄ.Rh 1l&jb@B4VA"'G :(w{~Y Mfs^T=}M)C_vv%ˤ=tv&렮gJ*H v58{;0XtI;6#jvudUeL$4_4@UkB"5dMVm-q UfUE(H\,m$%,,+ےzdt%@Sjz Ԣ P9~v!WGH:ƿ!t,}Mj$eCׄx 8ԌB.C w-ĚthW?5ņ ZCjL핇Q+G-yB4OÇF!}3xHgcߛ3bw%7'7xRޓ\wIX6=Qwgr3%i^4hך7*Bʷ `@!3TCdt7Qf,Y*rҎ6C*EƢȵ"X05}9kMmLj ~Tz-, ̉~ӌ`p45_qkL9S Sɹ ɔ} L(٦zWsS~ kچ$4,+{0 4)v0`2zUkzOYf]3 f$Ҥx$rM0ZvH:S9Ĕy~:K)͛6;BÿјW08yXcp45 F[ƹ?Ʀ FЂ^zZhx+R`M/jskw 
i((ImQʆ`Zc^a杇yvh1kqnŪV6oĠAa[wߢ4ƾkcoX]Xnl=FCE2VL) ܹ5Vg{Yܷ UέġZ/9k @T h<=u-6+Y:EW9&pVv5.egm+P)>8 / X">Yx@JZ>Rꬺ BO/P|Q|M5 *ё62vmߞTV wV(Fe}6P9H}5Q%B7Xu;AGCݑ^C6/kem1o^k `p5Y3N7hka;"CJh(,bR Y0)D/YIlQ,Q ѣLT {.0&+Tdʎq ,h0G7c5oQد+Mq^o{$K#l,0²¦SCųX31eu8@[04%Lj VQ=KY'ֿΦfw]VV[MܞWb1Y$vGUeSRYg\~(6H/*fM0`,[f3 44HvbI,*HGQA!ӹGڕmiX@CD-er#G2H/OH4N`R Y8er9>.X-nZKa%S{+Mvtٲ=n(V\<6͚u-%%AihYҦ5=Mܽ :2v}3$㠾\:Y n'&}!O>\ۅP(9|eLC?џ}\w޻ϻ;y d% k4iM$5V =Eg8ryJǙ @X{ee1¾4@hVEbcE-Нm#j 7BtD V2ٜet/mdJ?g/=v+!>b5^W(T_WhH'$ĎjHJB!Ma~ ;rTUSKc~d)SV,w5!lF nR`qـ`𚇛~}i>{ ^8s+#XR2#ȏ:dmd#tz(FkBMvt@Բ4Pt[;:Ec=x (*7/Í鷁ш0hs~|%Dj3:L( !CDrwB.eVg|&dAk a\\\˖?SpT4R 9vt7뽇zmiz_(6yhH6ե,ϸlcyyjg :/+}YfX.,86núҝ';1p0k7.+N]肁J5^z@\OIRZ!k9n/G3'y:yҙ'-[o9GtmMҢ`U8E Xv&\˥!V R[FbvTM"Nm#&j?Օ!HWڥڸWK+wr!/@V{ ۏn5|֜)7$3^{][}mͮFe&|TPEb[?sph̄pъ-67b1un;=>d*ʺŽ22fp+ %iHI3B-nG}X~XEm?Dƣ ZKǨj#&aT 8!"p8)QMKTEh$۴n'09B(-"A"sʍj B~dE7ejJ u, } qZfjd;e0/˨CSahfah&$AdQonK}DոhsjLN0 vЫ>l0ͤ%'r"$j0aEyu>vb`x|Ց/>7N}\Ǿ mل&QV/mP|XX3IN6pIF]u*Pê|5|_6~q8|छ1Ύ$tiZ &l ކ%y^ k(Sg6Q(EV\7@ K-&i3 کg`/:~^θX@ˢREszxMz`ރ1=UHel*Y3$5gK,["Dhr )u~2r2P6Us j.%={ S6Pe ZF8m6F"wJԧgO Rl_}}itolեIA(澂6zǯY RW{nc\hgQV6y"+ɦ? 
DRir!)IUr@9&;7Cyq_EM?^c F;/ss~|,,bѬxV"fȋӃq0i"[;Աbܫ&t=skbn0S@¬Q"֊FLGBKģ q0F߉/ڶ˺YڇÓ{+smLBjΊVψpa`Wnfb`*RM٣+qBV˪,f~p0ëѐ6<XVeɍ4+gx5?x>iWY~qV].exs=Y@~H~B _*EDZn\C=Bj7_RͿlV kc<P>v1Ճ{jt CTE%NVIE>(K4(&Sm˛x6־HMЎqJsY9RVH|!nܣʳf5 Y֌ߪW?FQʔ5q.I{%F}hA]|.{li{x EyJc`rU|R49-Ќ!ZVGXP7D؊dĆQ[] F#x6ٲ6`e /eY}yLQ)jeKzl"X%dfPqcWR\A lS:{38[EzE{wCi44"6VZTI+JfE'=(\PR~R^[9sRYh~:8/R~DQG;/.Z*1蜝]k-/NBGщMRY]@=m†ΊHӰ F)jEkf1os!hTNou>'7*%q`ϜH^#~:#6:!z扫6D㦮ttkk;:L*ٶz9lL<#DrY|I&\N&1=0qo& [ZGÄQgUS?0YHQyhڔ#0C_G3Wk:,Q , * vV-xg.i'yh;@XH~v_{2(z0K \lf R55=(Ӱ`O"X]꧗c erz|dߓjuv@Q)_%-^{LߊP,XJJ~>]⓳$DT7\5R:TygЧ6 XQY}OR%nDuSvjx<_QE29 zƊJ8^s4RˊΈ=:3 "֜,J꙼ȍHKg"M 1 $i{5mFtHÝlw ;zu_G`Ypz$u[~ #]Gn.khp0u i/Cƈnje7PԵFb\5\nRHUz#XFBjHZ ḪM1ƧR !b5Dږ AX!"G2'=#RU &˦VJGr2 锎FΧs/r~zwy,bSS0ab}(U|^ S둞 ݨowZtHKZ\x.Q4z)Fo+kE kKd)!a#b㚄99)!ft=G=նiK=tюiFM#4B3Hѽ6WH!Qձ$p_ՙSą8nΖh{>Tx ͜L%bNϗ.wB*̭zEOCSޝ*6jmy0="#-Mq8A_)<}8M?LaQl"U+tߟr,Q7?@hJ]mCKi+K9ډ|sž(Fa jQcKiGf&{;sM$9QhIxhJEp6rmKmQ@@h"ht/(@ǎF|9if|g9[>NhAvx"̦!Hoqmyn2E..8o-.p]59>_ݙʾ4Jo~2<Ԟ,SyiH| 'mmק|ѐGSϟsC%^t -}:aobZBi<7#ŨA`ȧ<{4+k|P<@G;* UZDk(Ǜ46>“75{ ڵdV|ͺkɴQ<|lvܫTl9=\T.7v'oߪ7 @Մ=yj/.5fm-;z[Av%#b2CEJy NBPJ>f뉵33J1To8Efmo֋^%J+;%=NX"Q:~@ "j~jxh 4ؕ v"zyЬG:zy{~pc/ob0^1?dfja@`bp}<}vSUk'.®b8dBPs[VGh0Ea8⨓i=fvz F^Mqekj6gJ0g^\Hb}:A8ѯ?\ڎ^`ņc,{ Z?m"Xnrզa/ ^ bb9DNz6̧t3é& 3 l4pr`4p|#\Tpa:(˄3XBvxmNqS: [$6}BdeBGm1 ˟l"o\èr:gV aʑa3 v+^ tVcЁK_a߲0B5b^J@ %d:jA-Nq[L;t`ՒaK&#R>EE[LN[M m.2 9e哧Re)b擪rS>85dd_wuiq_tҲu$WycTB2ot GdWg`knrt趩vCYG1YYEjW[qF-; eP!ÄZt:H1#AsבNli{?p&) òj1%^ ]n* >WY┗@Iy7#UeEdk]cYJЊ!@ >KOHrF,̆L 7N*k<gz̼›wR)]y畎Zޙ&P Z$,*mR fy@7HE}YM=Nbkr/cTfj"a=j~GJ(HcDYA! 
eqi7FS^*Rz\Z$ &㖀~YiUpz<_*M' =ܮhNJ+ 0&'Zt}3X | jH4ؓU%Iɇʒ?pxds=8mvS.T`g4۪DJ~Hmf~Lh2]3;JήE\Ҝ:D ٛ9O>Dٓ1UNw 4^fESUʪTUɎ/ )s(AP5kf㻪^aaa=/ʋrc _qM|twRR+Jpᣟ,onw=vv4<Z "8o"OwZjYSw@ 㠯hsF;}-066Vџ ',K߰DkjʀG@+gdBX(2]iL"0@dA0Մ:V$`Bt#May`Bt+]4@:|5&ֿ ~6[tZ2as2B⹍ly Q_U)kU}(*# Xoآv#u4El0y@UX=M¹h@yaQE'7n_ǛGp<1~D:#u{ /Y!|tU+cd'BYO,?:ˇd@Ϙ_}r_Ä0"uhݼ*>Nk0C6嶆4Lrg?z) hDxb7~jivHMq 8ς`;#|t[M'=ko]l_OW'BEMB>-sVHr~7zEJ&v%U"JWWLq;H_EPE0&݁-Tc[ q4jq.̦Whԁ8<8sLdbOSY&asVֺGT# DjZAq.,y芳-3R_ͯ=bX[V4]{jcM^`&ǪT"&3VUn^(i 2Ԁ0|)4`BiVOUvHy6A~gLkImHN/lElT+5sB옕u:[BΜI5)+$4ݡ Q)ҥCX ywEw]$1hm&Yh5jVSTfis3]&k}+ "S{1%tVa~݇ oȾwͨ t3|ӳ[L= /;W-0?|~x tz+:'],da/OUvkZI8b8M gVQp&&iQ~={,˜[8xdW&p&NOfR*fq6 Ӳcy9hvz~2t֧g]R*Mo߽<8ߠ}[بp[yPƛʡcogjf/h@ƛqZ%ͭ=ȷ}nw73⪘ 7,uN};=_/ڽӻsD^m\) RbfxNdx27.!(2%3el y"gZP0GkS't"Ӟ(ڬ-Sj@D5OPv@=)+]*\uu(F0Q^ςI&= .M2Mc76R]BnQǨSX^I='bQ u %UD[i)j:2rYfShPD;JYi>^ILF4An`i4+ %cI=a:ʓ)W*~Rė(K_\WMX=1Mr`K*G"9V),#|U4*,1tr-g3F̸z* r]pP"9MQ:?FDU =MÑHIeVi?p@Ih=)ԪOռ2ňv aQ sE+iKօV ,qB `YlBE%e$(SR\&3i[zu/'3^]eQMfkfYpv/T5"KYd)蒆YVS1iz$ŅYswؤʒpa\Ls蝎,0I$檒gBgTXYꥺw+?Ss;考@_Un%CGMYEjhTγ'gU:5Ϊ<ԔN(!/Dՠ .N[ACz$:Qifj2Ӡ2k-Mb%6wnhzؘQZEDgǺ2 VJ4}4ƞ2Y JƬpyͫ~0)#Z/*UL O5u<>sX 3I4^=ZsϼkT.<ȽI:1},lNfm|M`d0}zZzqytB ~vX5d!i'%A@Cf-FYE8`; N>SesK( IecBz - D3E!HkLL{E-  , - ~C ohhW)HZbiЇаo5i#it'&c!PU ,8;tr9[Q N& *5=)zDqPdBMjbq@z|"|G*cm>l4i٩Hj+TYה تTJu*. \"4?Z.}?N^n%!h]525-%-$Hk2:C `+$ԝfmPi՜I,䱻O*K5 t64le[y{ECfck^LqǏHL63)2\ 3[I--ZA MmYЛ>8{4#jbQu޹aJhRSNJK :>PVO@СZyg9z)5R?\{4ʛ]JL29󤸊)u+}q m칶i~)aLM*uF''=+[FڠєC5u}y6?XM2U/OV.] 
=gߧAmsF`~z=D{֝k܄|Wft[<>5aˠ}s_]q3Hz 8Wǡ &7c*HMۺxO5Ŧ̓;"H ,<5iwsf @ISzPkZ@QXc0g{EdĩKP0&QhSR4bՔr0 lLl.08ϢgȉA;$X2d3d `!(Ade"mZ@݇\O@ZV"4# G5) Fr4" є4ծ *F(&U&%7U@Nm#rOMY.^n%S''1yu`Mr5>2`+@m:`z v,Xn1`5K!SD-8aVv+uXԚZ`2UVm@89+5rQnP+lh^9i:'\gOe Ve&܆vC7cp455N^-JSz5]hw`ے=U=jĊ3'`ZF+nC$\5M&E^_ƶG}I^I]A 盱p[(6@tuGZ;#+<Emly#&D@Uu"7q><(:ez.|ȽCf [{=Vꑺn Ih|2A[!Q)Sv2z  zC9野@Tt0$/Ǻ6h#DgAA޽&f'<$ufA\2fC4#!BuZg &։>v,!xR'AɠQZ'?_ Iu(d-81-DQӔAcp?L#==ԅ<ز A7dC.·#~XuZU'CجR`(.^V iE a4Ղʆ0RdLHXǩʅ1 IK /PkPQ0΅WMQE,ؚ e1Ec46%FN0X` Xb5E+b6b,FXE76gD,4XIŊ-ڂqɈ+̜j#+,1@?FX4SEjT{̷XufK0qkz4]D]֑.H"gAjk Ŵ%*Y"t8%N84heNjCKph ڐ't_&7#@Pn#ͷ!pc-b;t՘- h(#D d=E9+h%;mH"ʁ:uD)I<:Q4$/[D; ʟi(_\r+|n^]ZARJH˜ eD9}c5$Y$B*G"Q^mtzYKZ$Ll4]ȧ Yuqq3bR FQT-*&/pe&sRgX]@4x<1Ve tWG<}+@ac[E&n,ءŶ-u|`GRaIc%{0xn <lD8 J Q& VsOTc d*FDhr_`YuMy>,GϊwyةUE%zAP2Y*KmY $,Rq{sPWZ.D, ׬\>XrW{DZT:bbAoT]u.v2҃eæ gu+c2q'9Wk9՛W-tsJ٢4ֱAnV2?*o70.:l݉xs4ppIV52̋}k-oEfʴV9Z蔭mCFf'w7PLq[\[djgX&Ŀ;O }J*!gEH$!t:uΪM@SҔIu[kUqq!8}ǷbrQռ13rE{W5ʾHlkQ.-Uu5+j67i7pm}?Xh4g=Zs5Î;/+\2%5ȭ#p:%\=oگCG5];%m}*VX>wXf2+{Ilu%B2a'B#$ AÏX[|R^W9FRZGb L!b~};mpeQvZX/ WVMoA)R2tCԼC3Yhp.K#TQ%QVjF7w/ ,*_\]rZCm_LR j"u'z,$l΀Q O#pRw9avfԗ-ʅzbD|FD.shEN ȣW֤'j1őeG\l97VT$[q6&%;P;$;<^A_x:iEhWSQiFB/ C]rYoeeBY@Iy`"R  rKHp4:]Ow?}ofr`tM97/!*tPݶJbIr ^י_yhs)#ZxX' IPr8,fMkOcXDi\p#c &_GMx:K4Ej41fsѶP}Wם'gPYҸFs,wcQJS-Ja?h[#q"]z\m+ 7N8aʜP m.<*N:[s*ݏuI%NI8W-7"r`mN' OxC@}NX.:mUJI i~^|Zv7 4;hDT~/GT)_d^w D`6jOe\:M2LC^@UG8XKHDZ%27JVY4O7V82X~}+U?pp-}^$Ņ,.YE(`+Ge/Vo6+Nr7ڑ}=h3П:!j:/k*uҊ &噜)r̬I;`:;U "<Ԗ?O+P`,3+Neuq7k4>~mԠ0oGIT^5_]=x pjG7 ~-5O/1Oՠ=eځN7k5MlƯKpX@^[\Bws6-gQmkEVEژ4pF~'aƑ7?(n*Z}Jpn$vJ5eM {pp4rVZۦI]o؞\Sk&=6 gV]qM9 %Su&D}r 2.ef9cLPIfh9Gi&M#\)@^-M2tJŝrkI}374c֮ DQIJ*ͪCܟtyi'pٕ̅tO]bC2B&lz^XL[FrB9쎹f2䤶x_F ndLn)Q4>BV`sqnq{(_P:&t"dq"րYR3 F*[,Qa] JQk]ߍ Bshpwv7fE#dV!f;**jJ׸3⧰/yVQJ>`2T@HjbO>H,"j܁r. 
?#+W#G#* OuF&M럫/] ;ێNaY2T.Ԑui}o/kY_7#gbˡjL[܃N ȡ\W%qe<󪙧2\`(vINT\m=pjPq_Z,X8jST"X%gh NM%?L&/RKsj͚ 8cœjz-e_ iɟr 5'O#mp,; דyõ' G Sg$}ljuap=ZZ:T˞N.q$qKP@\D=35 g4<$VqV}T/JTۋz`ue"VK1E,EX+6l7WqZ2r[]n76۟]aLlih=Rb"N0 @5Hfb@@`%| nRS1wRܘ@IP-$h-$s&Ȯ""F51t V9ڋ<:Ƥ,rAwĤˣ={R99wBr&53֮ܬaUʓt6NVwh2=|V=va *Q0?|~W?o8Or9jo!/iz;8_ռ>u%*89nϱ7Ȅ$=3/ev },e^c)1L*sn οZc)C)BKl (5`:]/徭jwÑg5 2߯q:7E{S͙,H4#9gkYuVj_j\KBؠe\B4:0]=m2R2Q}!H3LR"q+TsFCyFt ttDoh~nN/9>Ou7ʼfg3JmRU(SLպMfO(9AΚ./cº83)>V׶ n{IbM֫ ~Z{==-]W6zA7h.}V yhKatde']" D4I JqP sWy#j Ҋ/߁=6QuH88뇃 /1?ͻ3j6%#J5z)14;݄ mdݧIUG]o4wS0#=qTQ8=e!Ҿ "u)jȨ,}:N@hMARN(r]:n[&5ydƾRc.6rWM&Nirי߻g@buo-gމdO8Uy16t Q (SO" "ꪠ٠(_XEfJ\6M,͎J|j tY~ޓcGgCkvיgWufb(өWTV$NoE!hR"d/tb y P0t[:8S[5S~LdltmlL/",ֺcY%w aOiߛ?dbC>|ϧWX'T^2\T9 KѰQHV!FBzD\){WdkS|) yO>׌Pc@36R`׍ DK(Z*j U^JϼL-]Sq9'Q}z4i1aVz-̧iCVKTi;MUY=zڗFЫ ̤忖vHMcY /kLW+xh[!Ϭc鵋h4sΧ8relb'nIJVB{cZU ՜LBiO .!XƩ=ɺaDCBN{幎(&Z,Lԙf a>b/@X`^9~a%t Ik2pU8)UR1j"~N>IJ+kX胏5A{MsoQR"5>Ї ̍0 {Lޢ4}_ط5'? lUn``sUmz>n|Y2m]Z$أzk$GAK? +R5By=#U y%x 2H{V'MqzDCL5M(o;PMͭQMPƛљ5£(Cd^vՌy+GWS~1*WD=[<eW˻FÚU6p)E"5DzJ耊U9;}K$R$MrZER]{瘒g \ݩ|/g:>@-r/.L" O|Z,<┥~d_b.'\W&=JހUXx*t<'^':׍dp3됥먩7J?צQ9O+($Z 8:;۩=Pb&8QX"O*VXtSY6W3̳Mئׯ۶Z 6\<&jF%QvWZb?NXG8Kr;vm;"92叨qBjK. *RpLVxZ9_ 8n'~MLVƈNئ`HJj8)5h? IhJ{]ҳ9~[z+EoمQv״ūBCsB"LM1EUUBwr~)OߛP}Ţy\ӆkDf$ʢT<1Qgjwx5OU>VDEMJ\8ըT=xQ 2)-tejX^-f2I4FY_匑BJ*r ]U9}HÚ!כ"d6K #}{P|eR ^|]HSq& ]AC;J$HfsCuu'v̀~0%8|k%'xLzhTߏ.vc]- -Ra@Rl!a^9JFHARc==DrRzs g\?rCezvJwnD:.']r6> ӥdx͚L{0/7xNR"wy&ip-QKԖuIfMAIG&_1PWӸ}-! 
bFiSa16 :<&ؖbUn-FvJ$%Z\<_ F!<B8?֯cm5RՂN$i_}tsNTأ[PYyu -v]r}dvk)6 R-oMZxm\3l^Dxxm7rѥkt).nΆjL5 >$.<%Cs꤫gE;gВɡi[}ߥ1֬;l^}?YE(RE^ؘv:n}`&X"oDb7Zm{puv]h(j/6O NWb">-B) nM~{(_"u+1:E`n!>q(nE"/l?Ar(9H"^-j7t['&dmkE%*BIuU"޼U "Y*<`(LfrA5d6rOYry[!%p>6ul@ *ǒ[U[,uI{YO ㈳A?ΩO2yelfPVN%DggNZ5$'6+xcG:}t/ǣsnп0 qpr\,{7+,p1 ˚ 34ѿ-c P`<25VTX[/&"v>e}@526`38P8b\lFS 0؏uI,O<%*4mRЀXt3ՂZE[DEKPEy^R{V08!"v93s`f]˅ɜrzXR.D$FJRyDJV6 o<ȪH't\ة`+߮yo#g5#jvŒ15MT3צ*XbH5f6 z"!w$t1ՠM-E٧F7 2id݂A.j Q9/ENSn+)1(`6ShhNyG=3juh5}Do*/w"|xh<+Hs^}*Q9U;.Y/r=lnPh\;,>ӓ}KںZ ;h{yxmJDK:DӈvgYYݲ̋ v1zM׳` ʣ:h `n9Ci[{']:5τ+ BwNU&8 q'uE1ն}=sf Jށ*yzB\P X+ S3xJĥ6`ފyQ/I>+P4v%AG$v,%T@c"tJ ]^i-2G`KeʹLܤ:y[C ECKmf>.lvԍM_\\ƺztB ~Ն' 2h΋ X*`12 3_j~r(ҟ,> g(=sKB@QMY7{6ωuBUV6먫3pRWך١{\H+B%#;6 ƹ=ix}*?2\[(vVd:-w 6\S̷^7rzϣCTT,0$]S ?)+iVU*F¼ߝtΦD\pZ)SUsx*T3~*:I-d^gnfeF}N4; O`HN,9̭SZ^*z ċ2 M0I̥KQ++FC6"iմѾ4>i_O>"TC?yٙ}!AͰ(\@'MZfd1zN- [ 2CZ_4l~ב#8^)>!zW,3ѤJ(ؤt'}iX}_@K uv=vw%[" E?%t(u"ml[¦"S}$uz"ywoCt9233тJw#=Kfbbdf[ϟ$ =ѡ+PUBv>r6Klk*ihxԌ`5TADJѓ0s5Ւ^5VUC{gZq`r'JϚG?/39ItXԕSY뼩\L094q\G9}JVkRT!%Ь6V'N%1Au}3vb7c5oQߠz G䴆2+ F`S/O4=x@2}:Hd-]'߻LͼKe)*$|]YV660]})&[erҞ8h"Iö0 >07K${f\Oᙇ%56{O&A$]D.u-tλ5|h#ҊN<#O<, .zV6in(5 5a6lLi =DX`|9r|fN)Rp$?!uA.\L(uW3I:cߓjr\vAR?k7Dƽ8UXj?毗IG-' \"ue\-*ijnUtƜf4i7oULhA_n=P_\89:Pm Qӫ2Pf0D%Og4Ҁw&poBi/\-&uaPu:B*nw*#s22 7W]OmN|hLB¼K(_vA"mͳN. 
8@n6*4!l3yNMOLzzM躌 =;]WGg'eЁLuirѴ>t׮5~u~'_EwCcO2CqWo_y <"}I+!W|4 KMȂL[K*Yu`CrnYG+]wOd&$?DLkG5xp|D,VYW֟Z4!F|qu/ I](iR6="GgClHI:ROs L9+"h4ZAUY4b zqLVmUV[34ĬbɊEq\Uq"F-[D:<(WfEVK3C pp26JӑVW4f=*klp |^CWK7E7D\,1{k*$edlp.6|~ZѴ+PgT'SafH͌!rџAb6*Ѳџ%VlN>^ʢn)9:gr56p€Ly9*9X>ґ D@[-^:ϤIx#z'G3M|"X;D^" |*FDVH"WyeCx =2=Q̲6=-]k^˲#ꀿ[h&GKV֌<V B$nl巿{ͦD\5CsMvMC6 ;$ dVwx(,S/{;֩kZ@]MR%6T DžZȊF& ~76~%펵~Pv&)~zpwrVe ^c68;o9|qj)NlpsgwIjI:ndh1 p}&&8/`եrh&>Ļ0nؾ@rFԌ,w [4 QF)28l2:Mqs/I}onqi9%=G_9jzRÍ jDNs9IKFЄ5jm'LyQNq& t}W:*Xc ѪAkޤi@=To:e]sS>FB5LqTUzV QL׌eVcSբK~+qVmjJu5)-6`,6yf/pR&Oٚ݉ >kTKv{“z-*JɄ1W>59@;3_Sd f^x^T~>_U7STsr׬CZR$gBhs6%M< wlh|_7>=w>=w>=#焓3>̪+g'FJ@/`u:SՐU 7ɤVb!?^!!'ͻ$w1U/%I5.y?xNf }Fun7w@ڪfڨoL}^sg`hl]ڿr#DKHR)ȽO&D7_I </O棏Lqa&f$ &lԽ=(A do,|_X8w7oи X6۴ҤCE M]ȊmfVN9 kl _bw6"(He,+ ooBGaMkM2x566r<ʲߧNc0t lo'O~9:>eRZZ(Ml^d(Y]42$w32kJr[?O0 . o}kVj" ҅ Zݩ7b`$NӦ?N'g%KT(hy|*nwվ$Б\1#\$4&1@%Fjw휊%j$Z嘥i?_4/ʝm5])Pع85K]ڥH cvf,4uƀ:c4N%dhq%2v`{P02`gI)PqV ۷Oc+1cOIz:1Z*-7iex ͌lbm&ᩔlI7&m5iŕ2Ct לMJ)h}1 'tXxEI*Taf 2%vOubc;}4y C~Y"WxTEv - ޯo)B\\҈LGkuO{1U'tؠa+@ R CY]:N-/'4,,=lq)"^Z\ec<^䍖.sǮCNjjg+27*"MAY|PhQ4)hy%]CoLC =a7RJXJc@4W9v16* 5pf?g]4Zq]uW:ҵз#TS5 u_ͲmH6 ˬ#Em!mV2#{i OڜئY1Sze_ n}Z:A&*Lnt͈zIz3U[{6 SG1='R.sc+~]} ױER_0CX$w-uaʘ Ф-Vnf\5=H5i\X,}{NظZk2r~]娈Yo4fUi]GJJnYm!K E7")It;pg06a$m7m j f(0lQ@MHߞ@6/t-2VqzL=2YDJ pcUmtm6]v`(vHn? ֙5& Uѽ>_O jj8(*#% (3輧W C\#O6|SY=e*r67]ÀŶ}ERƍ4Rh^P4 BzetkwEHXOAj~ӯ\ӻJ[dj=6v)u?vR3F6V JvbHZ(n(\ ]WЎ7iӉgK&e.dwثMӃr5N[B5)թ(:9Oe&<M5tԦjFz%'M:ۖ574.rؖ􂳋ƘDК8uGXJk.0[[[ R+b4^`ގf{0؍1xMc5k GuiDMC#lcwjU*Ni T&הHƐn: JT|A N5e,]\S6{ vۑBS%G7!f[Z!IGbٔgvdg:[Z9vTm:cU蔖w.Z|̯Ro{<1xҔޢ4:zmÍmF#~j7'S6H?zb]<=Ȧ]]ک>۶>kTO%D)yaķ&õGbi"\s˷m㭡Z}m z󝁕_"xGsUwB([\lxI*zgChp>IGqnq/aVaoH6 GϘdK0nu8lp0hPkqPVQX(^n̴ 0\9]܄;܆_Gc|&p k耵a+`uNJZ6 Kc8lx7똨J-N<+ /5 PGhs=Ivyԑ:G6y=*ɓjEɛgD.6F ̫*a%W:`P`L6bNNV(Plj`0i GWZcndI:"e`0gؒob~fm@bqvjlFaЃ%+Ybrd(07֜mcWpj#4vͺFؒ{]~j#. 
bkw\`AXN!P_w?Xԋ#z,2 `2ԔJc7`Da{r|τ 4_څ'oxՒͩ#c~dًQ;J]z*##y鐍tLB95)뼁)O{Nӡ5`)`}̷X|VncUSEp6axv ^-J%zmi6{Wa0!,i <*u'qXl`>xx+F-uMaƪ8rvH &\{$ڕdt0RÉǼ>jFSz^£U]*%< *FS}Q.;PVUIS.i=n@.v>kY 'u4?Ci[Kw86 pyQW ̀$T+3:Y^t*1okT!(nRp\ L.bՑY# k+g ͻͫ9fr:r*UN5w+grK5TCH2+I]>GNHl/Jr,?_]TSxMKʚ(T3z[z Zy^~.,` i|d6%ϯɗ.hƙ7K56NMD 5;шFo_\Aq;vֽI6 ш0x8[%c:z"_ͪF708q1ӣřKN"S ނfS yB}ˀ.a ^-J2Qg^_Oߢzma$8;{b%uMd7ԇd(BՅ 尰sdJaWfc5uN\Vś7ͷ:flٜ-~LjJ%3,/ eDy3Մ70;֟N"`}vEB"NuAETs/;6z!,'MUuRP9$-m=d~f?Z^ :' mʴң=ǩ /@:g䜗T=㠔OT#'_z+?f7LhP\gh7pngKb%i?< ?B6a)^b$ oM 7ܥ>K"zR_4S""5+aѮxҴ/4Ph"S+' z\%GXhdfuo-G&hr9B"JǕS?8W6n y]C.GRGp)G|LSz[pr '訄Uu"?l}?0DQ&'7[G k^ \1Z%, LRNx*apȔ_y~%`(vlB?eAO+J>} v~X<}r$̕I_Ya> 4?mQRq#1 5S(?4oq2GBֵgѧ._)sq$Q)>g+q%IQj*xV>0J-=p?KV)w.ZHoI0}H]ԩϲqGfPRPytU>+o2]*WzdF2:H Vnu% ٺ2?}ߥ;w~OwD~s :etΒŅFIPFΦ>t.ܿg}ɣ_G c7TqC c97 53eF3/|. ,ؿJ,+21 (M-GN1娲 \6aE"I硍)PIZ@Q9̑4LGCEC)f35@`gI@)DKz@]2qU*fl)`:N\!^X6AE\1qE}9w(u)u|Ct bE:u"JFWQJټFAʠQ* .wDt,d.x E$>K".'I4$. ~q2+Tyܺa^]θ9 ?nwԫ1FwYu^F Mp *hR\#EY*JKxOPRhJT p p1SڢDSQK)xK 7w4.v q#)'Bg?Ok'I )SQX^x̏FC'wY&}NgG1sE#vx|ףi#?Ĝ9#'Ug?+Gُ:v/zQ1MbOLGgtdLX'INߣuoO`=91z'=\4g?:]b?zs;s`ԓxҳGTU]xҁl rx IHX6nt{l-8zn)/_=ð?͍hyI"Nxb[0gEVтųB}u~=îgA1EG3C  ģ$h5WH Q~ǾDbmE\3]>rTZhN/:v٢82RȬ/"j+RM@fN _IfΩ[t( p#%rcB]}n8Fi]Q?\c:^Jkk̹B&- UU!kbrbs/ELb:h ږ iiusU4mU[Q^OvIoBeؔ2@G=AKSD-ɄVŪT^[:Lîm4-Q!I?A4U󘗒عk0PC^k5*vڿvMn.^2ʪJZg:Ɛic"+y$A)`ƜR ))gR}TDo]wQLD+A\zTP%7TԂ:҄4Wʺ4,saTJQJA=*!$Z={^^6%7yqK{I{6.h%dRϑɩj[UF:yDxIWˇL!yJv)< U^U!'6]a:W'U'A]2}_iƻc13uzLW%um@Wϗ6,R׆%UDz 9Ю .j%W39gθ+!QL9Lc*y-q.] >Μyq:M{;!zKjAitoO }~^_3}3z&DEk ڷ&ejϝhYqhyF`qf)< u9u;F,i]vMNC$C]&q""kTA-z()kuOۆ<crW x;++F8\CSU=ԟi"y_gbRѫif!5)~GC7$v}oZ15tVdUfWE3tgDaspr +E+^Ldnqu<6iH/%3Uڑ]Wt%g9 B:Ӫv:siuk>uk>uҋ}1$cS/Ruy1'~>{J|qڗ3UNFqT2r>L[)axKx7Yx +͆}PK؇ Z*,g0U2f7l6%~OGe@1uiOŹ2dHb̀|NOW~ek>u,:gZSW)rp):_lLnI3VJ*9B4b}E=夎PA2NY;WCd=\zM^?td0gJ+Kha]N/2"pA,>PW88fR_K1+:/C6]d*FW*gr=usu~س:,+d.. F͢mALg = 2lڪaAJKeƗ|'a]u-tqlrY|:`حt;"լ/s/뮫@(0SJUMN~q%յຯRQ1{l S _W]`Pg. 
pFo܇+LO5}e~+*'6H_^6msִhHN*d(xb0jQ;1]7^Cz:TvՆ0ԍi9Z96u,uq˅!'btl<ŝ︣V\AO0 a;:v˧]F5T5kSSbf ӮZ#6Cx cQ=?1 0|gV+m;:OvqIkC7TLmRN#ńT#j_k4eë2Afyۛ>.>w~SxO>6cIo675|`0۷\Pև>J{I{Izw+Y/ޛm5`?Ջv16_Mcu1zy6eyRaVη6C;l8—75o_^ v}m6m*2[no-@4W2$LaX̱񦟕u# ?X>h?PyO'rpoꝆC5 KOw?Ow¶ihu-}wyS/V ??qmfa}Vn]@{^`4qi'm{|s{m}<ϟ_ O^va~h=@va{^Sqmfrb{k;|us@m϶gnkm?WdwX4Gn>lߝ[QX@e?1|w:}v\j,ܬd`4/N0-JlvcBjp a#!lE6饉 Mpoy>_lm6hPc 9-x@pk9?m zd~/m+v!NE`Ak{Pajm_}ָvw65,~h<Y@n |~ë;G`{ϩwq/hF1*avwWM8- @ tNAnou#|Fans-Ccgh(`iYWȎ/"lqU fEWA8oQ`@EhnGl/Z}g%yna|a~V4] POe 9lU3n7nlpY:owu4dq7σ]""'[C[z7U[-.fYtSS[vn;AGip]ֻÑ=m=w/sc3p4noIO`th ʹ}Eû#UDso-;~!xƿ6 :2Q !t7 9E2Udz,j8"rZ\ C:dk{,6@ =w _!bŮ!tm{DŌ@6&`5Z^`p-|1 R(S.ߺWHplpL&,!u&`O 5[,s8Ua-zekx> aAPZ# Hn~p12`<4B}aw^ww > =1;t?8k0;^rqbYHq\`nmB•B 1E1uL&n3cV(t(y{0!oBY a4[tv;-5ˁr'dCdgGs;M"Yv՟P:7%p pF3N7mf̤3z%.GFcfy aXf^P l R>޾04bX` S/Q Ӗ&(_ZFr6|ڛu[[ZWZ 7P%R&^H||fЂY ^@g%6'v;I<15**صX>]R4bNOYtCIn8"#tAApRl'袻%9L^-X,/=@yQj[1:^@ 9ϑJs2&V3&65Z֤LA ^Ƃ3gj;]ͣ8xk1AΦe~q -+bQǾ!YN9@4߮j,AKP]]SR2; FLtVqPW oϚbN[P@v Bܱnlaʉl*BtFа{lRʁȡ]\9Zc[ mߢNWtIJ&Y:F*|ohJgt8G]1i7;tpfdH8AMʲFSF͊ѿO+[E6MN$'v3[/ hb5~Nv>pc-9^wפL]Wx*M6fYyO~m׬2ph>P>!G {"Tj5ZPV{cFmY%#Yf}הּ=Te,'!ڎ}ZdpJ0K%*|iXwhX!44M,Zv#Dn}hT >Hȯ;7XW؎R(RlI*–en[,V?yL`ȌnWӬL qPx<$PZk/Qv ǩlG6gcZL@UI:Wɮ8H}7$;WQؙ#Q:x!8,CK(Y_x9nPxXZǧrEۮֈ55ޡށ{-h G uK(QA@4ܐ ܮYi'^~V]" ,v2*#kլbTC28Ȑ/ (Ȃ<`'bj217i/| pCC'w?hȆԂoݳ=OhokymmÚY߆Hi]`#<\V`@\7[ 7P#̈^B!Ah6Z$}I+PiB󊩋y]ZL?jy#6m{⚆ksɟ,[ H@tJk\/nH{;W9G P>m\,Ydmw^{mu%g]răư[Ӊ)n#LF*$L > @r+YXXyȓ9ΝކL0C 883e?4 yG-[)( ;*2L*g)f$XxYFwM[1> n*Ԏ34Oǻ[\ *]ԗÎ~G+j xh0N+eyTWJii1d80wDq6bjē"p=F)-9 N.Hj.'|oa v<97cA ң^iFYȶ5 I Ԣ^fAVն6<[ȿeI+'K֠k -wr8SGd%osyg`&{`xD;yV zsȒl`ρ7&ū9$&M4 /d5p(Kդ蝢PdyC@OzA٫nb.*q,ZDBgi-STmK*<8qI!6%٠2 W?Y2V(C;i> (~Sfg}WN,xSTx[a_Q^=pY-E;Qv&GEdvLB])ڌu? =U9 ΋,рurjPF0>$ԋE@Gxˬk3g !!㦶HEB^;, @~nn2FGvA {=mIU[1ǪqobƽsBX_X92*y1=6. 
F[ 3rc^"VW$﷤5?Gx+o{e1[z/ڊkll5T΁RCґ5\JMԲ,nÎri9ػq-Vw` LE/MLћq.N)XKl],K>' (TqhYRBytK5.jFړ =6)Xq 7t xwJ#LtJ6hco=|9!_ -]yw' H1&d hғe={QŒ QU,HűYm9_ H獅!LdFku7<(8564#2:%J Sxw%ST K \{p>Hf&= u?1JΏwC0k+ZA+D5샬R'Vi|L3 4G;VtpZ`484 ȟ8nAV c506C9$sc7KY4Kyx,O1.'B<  @p<)>>MF)/eeo¥NY_CϤ)#>5M .!Ǘ"W72tOr|"7Ul%HjI3Uly,,ZY;$h 5! qRCLeJD3!3.1O|֪@%7jU\F־teX12Y!03fAe< at4 8Į]~wFmeM8GˬYsG(.dr I&:ZAlVkh .Qo̊k:q";svx~ɪFD֒I3`Bn5)ߗ`@ BF~yvp?Mԍ]Bt Ey!L^_K'$K)I!ƕ}7*UcgڗiBLgGTɦ|WtjhJoIȅ9i!)GjTr NSSea\#Ҹ[#آ$bCaSE5j6D@0$%l"i KĊso\qnK*ʼn//f(& He19憞QG w+Aߎ QR.}a va*-BŜD: 7o˴'% :&Mh8OyM!IX}zRR2Q1M"w|KEΔ^pfT$ls̉J*X36"-] @mwx`:9*84q}:*ݜ}CmRI~E? n oB"s!AhxE)yu݊31Ύ-YQ7D~llJB󷩝2`$sPQfH'5В_ @4Y2lP{ 3`AP Vnk RB 9Mݸ$K9PubS-slVv85!Q{& 9('UkO9wmBi0WEd+^r"4l t=we.w rװ זo}'IP| =;5gq {uf$9؈C;xݱbm}3]x$O[R6M.Ԏh0ٻ=jxbX_;1a}}r!ž[i<f *ҳ/(7Y?JN3v ڜ :'wo`Zj$~BiGaĜ7_8iOyXKc4F]X4ӐH[<99/\3ტ,%"X k֬X ypvq\LCZnAsf#t{V(" q 3kgnC^BǠbD4i8B +^֜ #֜kRꅆleBpE5ZUONphD;"X4XGbe?.4[oVb> E5\.< NS/(J^ JѮEBQ_>~\d))w1I ,(>{o]1Dvv BBI|ֆ >^h .I!E;+XNP֍(X, ӸbQ0XarsJB9''c!TiQoh_F|l.yŵI $^PWtǎ N[Ykxr N9RC<XPUzlm I?9a:q>r\ gҎ08:a;K'znMRq<Ҵ#'$ţ8nYnru_t̐B9RrbU)M)~XwK)5Yt$TJ11Fy,v{,R ]gܶf˵:H>X ZzQ f%ʸ$ZZjrՇ\ ı-5C59`> \37b)>^=|rn6bJ .k{8BEjdUb! Di'{X偤^+`Lv Or3}O?IfLb%qK+^'m~C)1=:Mqw=Jժ9j|sйzb2a2qqYGj$%D]v5DICR Bh!ĺŒa/*@͑bw{`47 Hg jd7&|B5S'O+Ha"c6-s.`ͭW\MόNy]_՘OT*[_p9rǬ#^ɡxY5ٟ:dMc~gu LYgҏ~x.;75I|H \rP7h<'c#:m[Ӏd=0Pf\ ©S._k(Ԟ. i! Г:J:$Gٿ@b*E;'!kӝ54hgaCH ajoTm숕ʢ;@` I8S]%}\ c)]7J"B?Y/fQ^dǃڨIT1ȋ, S%`]#_t%sǷF} ɽ* քӠF|!.. 
K/qw%ҭ :M, 4`Fc!}e!՝tko7j;J3#8ܢbsS1!=_I ?.N1->| E(pۉs8bv|ꆁx芯3a7$kZ%@1ߠbe;wFbةɞ}\mo 0h{}ž Zn3lT(!d@S _֘YoĐ "u12Dǽ+2f$?*x(Neh~kj=D{y?Ҥ1UP($sV;^* +Ks>?FBU)5>~pgLao/}ۇj@yFRSqӲLuzd D  gAX+R1_1y 9lϗD1sxyQ>atޞ|qJνxTR;/;е8̀ \)gD~jӃ2c rg21aΛoZ$0($S*%\XXAXiYJ#&<]#j1^j"V-K}].)nFZio8CދgeE=1e ʆ/I_mscT+r{3Wtt!uoL7mGc L|CpSe}Už kH|*9]r`-z* c@=0 sŅ i&M`k^ Mo\2HK.Bܽ|qqV)kҖ˕f-;<)F<#LpWrAYm|Rxޗl{TWC`zČL>D'gUߺdHki!ؚ֒T)ܙ(hDo )'-5l)瘴8u(XIb$y#~ZKr!9^J@ Y6}cI'2,dH'9d)6u5- dMCK4rs7󭍃g B1#n@M.9m~Cd2V?.pp$GP$Y5itѮj`m!П%x2/Ŀ~äwLPuBun` _ 2d!ߔ=_qlĸ,:(B{5H1.}ϟ}^C\7C;|kegg/^ {H͋( z= Xr5,OIJ=]L:"AKM3r**QtR+ 2בcf}aR;!/9ٽ/AWT,宫w `.CϯPW׫h N-dtzv{е/db,ϧAx7lGW)lvקWs0$[= N`JK :<?| }wúl$^{ۅBhn׶r}}>owW#/fake-1.1.11/docs/redundant_linux.tar.gz0000600001567400156740000003544311225055712017052 0ustar hormshormsv86redundant_linux.tar\msܸޯ_KrJ7Vͮ]jSg9 Ѡ!xVtpF#ˎmά]FwnN:KTVwj7Kp(p4_)W h`Dx7r fmJ)~_Qˇ灯rCϽJbaVG? x;odp.%~+SUSj9KSG%<.e½8{3rO'~?a_˓ $2<Z#pVON|tđ1l߷c36Cj:׾ z67Db;ٴ}/bjR7MCjb?ԴLK+&3;Ϧ曈OfAI36Lgx?Ć ٞg3_Pp詪ЛW/|o* c"JCz2@iݷ= !о:Z|x^?@6F3 G1d z>3jSUK898g[G KC}1CT*0n. 
huIbMSƌ4 dBuylFÑe UIHr̋θWe,L̜ch!c.zKR @BE (%A@Ysh' Âci+= FU@_ 0Ѥl[mkK =ƄLWTJ-rD$7Lnʜke4 ?5VK;$s_0c`)9qF fiչ)n˫tY4j"m"vnN m@(..dvK5կlMكTxH?fEn~q33s 3xI͖Kyacl{(&t-ҀuVnJ02i V@* L`X̿vv/zmsX_x{qG/>a >ïC\w_tS>44Ԅ)XZ<IO0Џ)dG *$jpa})_-]9F{o8_ (^(HDd_hjċ,F, ^sE) '{k X@F" ^(Ǹ ; h$u7 6B`;ݧ |yy >7n0݄=Oo%8F,Gla2テt0y&GxL|y`8tNxk ?*\%epn ?c`WB8l1ަâ`#d$Qpd8_; ծW+꿇_)5w+k?2}'EOc%Wd/Nsg\EnwS:ñX )e.?]GZBNYBKgTZY6Gn~%l($`)όԉp3iIp($bi4KEzŦWmUujwVLF=P2l%lRoc3f&:\/ebN~)߮\= x  p'7T`5|-W~4]ĺ|pS7UjOIN '%%[+jI ++B#88b)t3!TT8:W&s2nm V' }sN:5!dhLw"bOJ63#tf/bfݣtRA˶1)+|3@pI咆r)ह^i 73,u4S!ȤGTYFO˅1&2A%}\Fl* nj4RB7drY h)ԋt))D"rBЀ>%"aRga|ㅱXoU 4 K^!Ԟ|bh h^7bB{Sq1ɵUrc~vL5`njq6M%)=Ʒp,@;( ~u90Tf3}AxɤQM;/4o۵LX)"N3-޲0eVc(Gb3٤7t<*Dg\ֿgI1z8?ZR)c:悹Uéb}!IO9jEm8凅TS2K" CƗca/.~Gk6mWpÌzz3}rp~fMj9w>8h?f͘gnTV]-A,2ԉЅK6}|%b˦zg;ukDj rFk^B|^.906t4kK:6#o& TZkM[Zs|pQqLjWdEI՛msFdH87n+`^ OZTENj\qPshYQ\SXwv^8fNB/W]-!0^D4< 62lhW qa 2P37ԑf$7бOҨ1&^1PVt6/Tm[kYgtI>}G3޿dyqq3{Q产C?{cWKr=g\7-Uikp?a_MnzG7λpge[B`U)(M0d;Vl`<-BYLM쏞[xn`mk.Yu.[htDQU)yl ~RE%}A3t=z וDړWSߓMeFRXb]`8+nCҸj?ќN M(ZMSx7bxBTCEpX3 nڗ-=A w Y=6 {G>mcW]VA^LSW[xյ] + 4ŢN2U:s^tZf-HpdWYy !VW3ZnIaYHחjۼĖ-c)t0зbrEȅo $JGuvyNiLCa8m؎5:WQ\͕?Z/D$m2 D-yJv5|??h&)׺O*ؼE`EY]z`6綍,ݟ (riēFI+VY殦j@0 %1*on4@R$%P31EswnW}wYKux;dZ;su0nedHթz: *A:+VhXo!Od >91 rX-  e_JG9!ń7gnu14(n#QV8;3fG6S}l,qG[hh/ A~PӫYR] .`=\їkN{`+K+`Ho23:ЫƐ *e$~ ~t&#Jby1TeR/̩x0kMOX/ Ql;6,p$XKm8`=6Bj%g>7ißB@R۩TƵ|59=Cy(xd5^V=`t!j15^hMJo Otitt] ؊ë>WխGnZy/o!v^֎o]N?=;S2#k"cȣUO$30&TBH~sfbw|0{\ffj^qhI4,h.^YJ(/yc`f2Fo1C&F?ij'!v)]k8(k;^1ؗ,?q)xw\dͪ;ɔ/ P+Z;8Q"N!P Ytާ5',jE'29g(|!Oprl^pKB=+J tfEzِ.. 
pRx@h4%NqQЈ]O:*'ny=B*`*dHKe۲>e45EZV~wJP- ]Λ(W`~Gjr =M?#CAy"I]ЗKo0imKX tj76TfB%KzY*zvƚ㑜ݴ[`syzPh8!Tc6PcX^$kGbH6%5kx)\a$rF H)iH܇bDT([EG2RXx&Sg1W &m"!j؀x-`6FtO0=Q1)"9@"b-$FK7:"$9o7hQ5f9H\'ݘo^/J Fǯ?>~p:Tv<9#,8?z7nUh?~=%G.nNk6m89"lc)I#uI,!\HUm<)DHv JBz߷ .wȯ6HT&amx#fV:/{+;Zk!DYZn b߼qY̶,cRHH ϞgmטP`E HY b8 PUEi,%LCJhM8ʑ5"\ipF!e*p,\\H*΅) W :5-K+v !U7)T<3ßh CJ) 9Z>"VܠflMy4:oA0cIBZ)Ѷ t\^@GF$2Q 8ID2Cc]H$U?{RG>] e)uK^L輂?ʲV H={X&qI\?iԪ6, S n&1ΥҖReL3jzF/2 ),I(M͐o +Nޕl~mX<$TgQ-K$YBdՔ+U9&3[J)$S(]9 غ]{$DRQC/31)RSU$F>EMH0^/ɺR[9BQg< E?=-:Clj1ݶjpcǫL(wnpgfpx"%1ΞGuJ; &aX3-04US[-q.PG9!NԆ iH;  Seƾgè݆2K/ƪp|VPn-:-SZӮ/L{B \i:ST*>햘"'Pb$ۛ{[-UqA׭|[A(;uFWzqZobjax#J&~hF- *RSmW"'ܥDsʮSkk!=!T4ŰпA fX$;jfjA6-?pj_7C<Ȩߵ-2ZtN_!WdW!`Wvg̱."I|l7 6kF8?'gd <ocniFMxr] e4j1x,ؐUC~4Ok w0r3ش4Q*©`'",')HFe7݀ZV]K%mEܪ[Gr9,.[PG䘵B$- 4z%2i@0RS~O ȋa6t 0*#Mb|TǸ9Y0av!L*ըFw3/p $H82 1F扁E'jE]e_Sƅ d)H>(iVBPgiX|&rDcW&!|E !Jm.Z_- {@zA8+HRlG)L< dL'tĸE۲ސEak$?bY.?uWD|}3* Mr'_\Dԝ`/r_R8i󧘥nod2럼/ Mhve]0v؇3(Bܲ2󛸀nV;R[?q|t u^ Ah[>)2}6? Ogi4 z!o})ɬU]mr7۱R_CZ?o;]ߺȈi3A(V |}@QE'~!w5)PajX_.6RR`h<^GBL`_Vʢ]. ~^f+3G 9Wf &̍WV}žx܆?8Ap/`ߣjF >]QFتMK0}R `W|E >GgYW/-S3/!ķ^Y_AqA[_|?Q[4Lmn}tHmgx^5_5/?Vǒx$l׏ w_J%^K\'n\tn@|Mw[ uW xmx%dNyٞڊz٭\(|^wzˆe gջd y!d{>%n95Z;1Sk:.OD+72A܁&yEd^OC~b-s~. 
Ȩl/HofSs4#䚮<?a2?[?o?~ǫ*p9*_⴨e=b%_c87ɳ؄#Q?%&ay{r?'qvio!i4o%k!x+X#-讟dZUv7^T_e)4F|8 ",Y.qVfPU+:`5HeiV%0˟,]:LB g { A {gfjH= `YԨךyyyyyyyyyyyy$?@fake-1.1.11/heartbeat/0000700001567400156740000000000011225055712013514 5ustar hormshormsfake-1.1.11/heartbeat/Makefile0000600001567400156740000000244511225055712015163 0ustar hormshorms###################################################################### # Makefile for fake October 2002 # Horms horms@verge.net.au # # Fake # Script to spoof an ip # Designed to create redundant servers # Copyright (C) 1998 Horms # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, ###################################################################### ROOT_DIR= RESOURCE=fake HB_RESOURCE_DIR=$(ROOT_DIR)/usr/lib/heartbeat .PHONY: all install clean all: clean: install: all test -d $(HB_RESOURCE_DIR) || mkdir -p $(HB_RESOURCE_DIR) install -c -m 755 $(RESOURCE) $(HB_RESOURCE_DIR) fake-1.1.11/heartbeat/fake0000600001567400156740000000155211225055712014352 0ustar hormshorms#!/bin/sh # # /etc/ha.d/resource.d/fake - a heartbeat resource file # # We can pipe every output of fake to /dev/null because it appears # in the syslog, too. 
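#

set -u

# Print the calling convention and abort with a non-zero status.
# The script is called with two arguments: the instance name that is
# handed to fake ($1) and the action to perform ($2).
usage () {
    echo "Usage: $0 <ip> {start|stop|restart|status}"
    exit 1
}

if [ "$#" -ne 2 ]; then
    usage
fi

# $1 becomes part of a file name under /var/run and is passed on to fake,
# so refuse an empty value and anything containing a path separator.
case "$1" in
    ''|*/*) usage ;;
esac

# Marker file whose presence is what "status" reports on.
state_file="/var/run/fake.$1"

case "$2" in
    start)
        touch "$state_file"
        # fake keeps running in the background; its output is discarded
        # because, per the header comment, it is logged to syslog as well.
        nohup fake "$1" >/dev/null 2>&1 &
        ;;
    stop)
        rm -f "$state_file"
        fake remove "$1" >/dev/null 2>&1
        ;;
    restart)
        # Re-invoke with both arguments: calling "$0 stop" with a single
        # argument fails the argument-count check above and only prints
        # the usage text, so restart never stopped or started anything.
        "$0" "$1" stop
        "$0" "$1" start
        ;;
    status)
        # Reports on the marker file only; it does not check that a fake
        # process is actually alive.
        if [ -f "$state_file" ]; then
            echo running
        else
            echo stopped
        fi
        ;;
    *)
        usage
        ;;
esac

exit 0

# vim: ts=4
fake-1.1.11/instance_config/0000700001567400156740000000000011225055712014706 5ustar hormshormsfake-1.1.11/instance_config/192.168.89.19.cfg0000600001567400156740000000470511225055712016716 0ustar hormshorms# Sample instance configuration file for fake # IFCONFIG # Set to TRUE to bring up and shutdown the interface # Set to FALSE to leave the interface alone # default: false IFCONFIG=FALSE # SPOOF_IP # ipaddress to spoof # The name of this file should be /etc/fake/instance_config/SPOOF_IP.cfg # e.g. /etc/fake/instance_config/192.168.89.19.cfg # No default SPOOF_IP=192.168.89.19 # SPOOF_NETMASK # netmask of the network that SPOOF_IP belongs to # Only used if IFCONFIG=TRUE # No default #SPOOF_NETMASK=255.255.255.0 # SPOOF_BROADCAST # netmask of the network that SPOOF_IP belongs to # broadcast address of the network that SPOOF_IP belongs to # No default SPOOF_BROADCAST=192.168.89.255 # TARGET_INTERFACE # local interface to create with SPOOF_IP # Also used as the interface to send arp packets from # No default TARGET_INTERFACE=eth0 # SEND_ARP_TARG_HW # Mac address to send arp packets to # default: ff:ff:ff:ff:ff:ff SEND_ARP_TARG_HW=00:33:33:33:33:33 # SEND_ARP_TARG_IP # IP address to send arp packets to # default: SPOOF_BROADCAST SEND_ARP_TARG_IP=192.168.89.254 # Delay between ARP packets in seconds ARP_DELAY=5 # The values below are only needed if you wish to send gratuitous arp # advertising the "real" mac address when turning fake off # Comment them out if you do not want this feature # Set FOREIGN_INTERFACE to STATIC and define # FOREIGN_MACADDR for a static mac address for the 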
interface # on the foreign host. # Else define FOREIGN_INTERFACE to be the name of the # interface on the remote host and FAKE_RSH to be # the name of the RSH command to use (usually rsh or ssh). # FOREIGN_INTERFACE # Interface on foreign host for SPOOF_IP # Used to determine the foreign mac address of SPOOF_IP # May be STATIC in which case FOREIGN_MACADDR should be set # to the mac address to use # May be unset, in which case the foreign mac address will not be # advertised # Default is unset FOREIGN_INTERFACE=STATIC # FOREIGN_MACADDR # Mac address to advertise when turning fake off # Only used if FOREIGN_INTERFACE is STATIC # No default FOREIGN_MACADDR=00:22:22:22:22:22 # FAKE_RSH # RSH programme to use to log into the foreign host # to determine the "real" mac address of SPOOF_IP. # Usually rsh or ssh. Prefer ssh: rsh is unencrypted, and the mac address # read over this channel is the one advertised when fake is turned off. # Only used if FOREIGN_INTERFACE is set and is not STATIC # No default FAKE_RSH=ssh # FOREIGN_ARP # Number of times to send an ARP packet advertising the foreign # mac address when turning fake off # Only used if FOREIGN_INTERFACE is STATIC # No default FOREIGN_ARP=20 fake-1.1.11/instance_config/203.12.97.7.cfg0000600001567400156740000000467711225055712016537 0ustar hormshorms# Sample instance configuration file for fake # IFCONFIG # Set to TRUE to bring up and shutdown the interface # Set to FALSE to leave the interface alone # default: false IFCONFIG=TRUE # SPOOF_IP # ipaddress to spoof # The name of this file should be /etc/fake/instance_config/SPOOF_IP.cfg # e.g. 
/etc/fake/instance_config/203.12.97.7.cfg # No default SPOOF_IP=203.12.97.7 # SPOOF_NETMASK # netmask of the network that SPOOF_IP belongs to # Only used if IFCONFIG=TRUE # No default SPOOF_NETMASK=255.255.255.0 # SPOOF_BROADCAST # netmask of the network that SPOOF_IP belongs to # broadcast address of the network that SPOOF_IP belongs to # No default SPOOF_BROADCAST=203.12.97.0 # TARGET_INTERFACE # local interface to create with SPOOF_IP # Also used as the interface to send arp packets from # No default TARGET_INTERFACE=eth0:2 # SEND_ARP_TARG_HW # Mac address to send arp packets to # default: ff:ff:ff:ff:ff:ff #SEND_ARP_TARG_HW=00:33:33:33:33:33 # SEND_ARP_TARG_IP # IP address to send arp packets to # default: SPOOF_BROADCAST #SEND_ARP_TARG_IP=192.168.89.254 # Delay between ARP packets in seconds ARP_DELAY=5 # The values below are only needed if you wish to send gratuitous arp # advertising the "real" mac address when turning fake off # Comment them out if you do not want this feature # Set FOREIGN_INTERFACE to STATIC and define # FOREIGN_MACADDR for a static mac address for the interface # on the foreign host. # Else define FOREIGN_INTERFACE to be the name of the # interface on the remote host and FAKE_RSH to be # the name of the RSH command to use (usually rsh or ssh). # FOREIGN_INTERFACE # Interface on foreign host for SPOOF_IP # Used to determine the foreign mac address of SPOOF_IP # May be STATIC in which case FOREIGN_MACADDR should be set # to the mac address to use # May be unset, in which case the foreign mac address will not be # advertised # Default is unset FOREIGN_INTERFACE=eth0 # FOREIGN_MACADDR # Mac address to advertise when turning fake off # Only used if FOREIGN_INTERFACE is STATIC # No default #FOREIGN_MACADDR=00:22:22:22:22:22 # FAKE_RSH # RSH programme to use to log into the foreign host # to determine the "real" mac address of SPOOF_IP. # Usually rsh or ssh. Prefer ssh: rsh is unencrypted, and the mac address # read over this channel is the one advertised when fake is turned off. 
# Only used if FOREIGN_INTERFACE is set and is not STATIC # No default FAKE_RSH=ssh # FOREIGN_ARP # Number of times to send an ARP packet adversising the foeign # mac address when turning fake off # Only used if FOREIGN_INTERFACE is STATIC # No default FOREIGN_ARP=20 fake-1.1.11/send_arp/0000700001567400156740000000000011225055712013350 5ustar hormshormsfake-1.1.11/send_arp/send_arp.c0000600001567400156740000000717511225055712015323 0ustar hormshorms/* send_arp.c This program sends out one ARP packet with source/target IP and Ethernet hardware addresses suuplied by the user. It compiles and works on Linux and will probably work on any Unix that has SOCK_PACKET. The idea behind this program is a proof of a concept, nothing more. It comes as is, no warranty. However, you're allowed to use it under one condition: you must use your brain simultaneously. If this condition is not met, you shall forget about this program and go RTFM immediately. yuri volobuev'97 volobuev@t1.chem.umn.edu */ #include #include #include #include #include #include #include #include #include #include #define ETH_HW_ADDR_LEN 6 #define IP_ADDR_LEN 4 #define ARP_FRAME_TYPE 0x0806 #define ETHER_HW_TYPE 1 #define IP_PROTO_TYPE 0x0800 #define OP_ARP_REQUEST 2 #define DEFAULT_DEVICE "eth0" char usage[]={"send_arp: sends out custom ARP packet. 
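yuri volobuev'97\n\
\tusage: send_arp src_ip_addr src_hw_addr targ_ip_addr tar_hw_addr\n\n"};

/*
 * Frame sent by main(): destination and source hardware address plus the
 * frame type, followed by the ARP fields proper.  The 18 padding bytes
 * presumably bring the frame up to the minimum Ethernet payload size --
 * TODO confirm.
 */
struct arp_packet {
        u_char targ_hw_addr[ETH_HW_ADDR_LEN];
        u_char src_hw_addr[ETH_HW_ADDR_LEN];
        u_short frame_type;
        u_short hw_type;
        u_short prot_type;
        u_char hw_addr_size;
        u_char prot_addr_size;
        u_short op;
        u_char sndr_hw_addr[ETH_HW_ADDR_LEN];
        u_char sndr_ip_addr[IP_ADDR_LEN];
        u_char rcpt_hw_addr[ETH_HW_ADDR_LEN];
        u_char rcpt_ip_addr[IP_ADDR_LEN];
        u_char padding[18];
};

void die(char *);
void get_ip_addr(struct in_addr*,char*);
void get_hw_addr(char*,char*);

/*
 * Build one ARP frame from the four command-line arguments
 * (src_ip_addr src_hw_addr targ_ip_addr targ_hw_addr) and send it once
 * through DEFAULT_DEVICE.  Exits 0 on success and 1 on any error.
 *
 * NOTE(review): OP_ARP_REQUEST is defined as 2 in this file, which is the
 * ARP *reply* opcode; the macro name is misleading.  The socket is also
 * opened with ETH_P_RARP although the frame type written is ARP (0x0806).
 */
int main(int argc,char** argv){
        struct in_addr src_in_addr,targ_in_addr;
        struct arp_packet pkt;
        struct sockaddr sa;
        int sock;

        if(argc != 5)
                die(usage);

        sock=socket(AF_INET,SOCK_PACKET,htons(ETH_P_RARP));
        if(sock<0){
                perror("socket");
                exit(1);
        }

        /* Start from a known state so no stack bytes end up on the wire. */
        memset(&pkt,0,sizeof(pkt));

        pkt.frame_type = htons(ARP_FRAME_TYPE);
        pkt.hw_type = htons(ETHER_HW_TYPE);
        pkt.prot_type = htons(IP_PROTO_TYPE);
        pkt.hw_addr_size = ETH_HW_ADDR_LEN;
        pkt.prot_addr_size = IP_ADDR_LEN;
        pkt.op=htons(OP_ARP_REQUEST);

        /* The same hardware addresses go into the frame header and the ARP body. */
        get_hw_addr(pkt.targ_hw_addr,argv[4]);
        get_hw_addr(pkt.rcpt_hw_addr,argv[4]);
        get_hw_addr(pkt.src_hw_addr,argv[2]);
        get_hw_addr(pkt.sndr_hw_addr,argv[2]);

        get_ip_addr(&src_in_addr,argv[1]);
        get_ip_addr(&targ_in_addr,argv[3]);

        memcpy(pkt.sndr_ip_addr,&src_in_addr,IP_ADDR_LEN);
        memcpy(pkt.rcpt_ip_addr,&targ_in_addr,IP_ADDR_LEN);

        /*
         * The original passed an uninitialised struct sockaddr to sendto():
         * sa_family and the bytes after the device name were stack garbage.
         * Zero it first and bound the copy of the device name to sa_data.
         */
        memset(&sa,0,sizeof(sa));
        strncpy(sa.sa_data,DEFAULT_DEVICE,sizeof(sa.sa_data)-1);

        if(sendto(sock,&pkt,sizeof(pkt),0,&sa,sizeof(sa)) < 0){
                perror("sendto");
                exit(1);
        }
        exit(0);
}

/* Print str followed by a newline on stderr and exit with status 1. */
void die(char* str){
        fprintf(stderr,"%s\n",str);
        exit(1);
}

/*
 * Resolve str into *in_addr.  A dotted-quad string is tried first; if
 * inet_addr() rejects it, the name is looked up with gethostbyname().
 * Exits with status 1 when no usable address is found.
 */
void get_ip_addr(struct in_addr* in_addr,char* str){
        struct hostent *hostp;

        in_addr->s_addr=inet_addr(str);
        if(in_addr->s_addr == -1){
                hostp = gethostbyname(str);
                /*
                 * The original copied h_length bytes into the 4-byte
                 * in_addr without checking it.  Accept only an IPv4
                 * answer of exactly IP_ADDR_LEN bytes so the copy cannot
                 * run past the destination.
                 */
                if(!hostp || hostp->h_addrtype != AF_INET ||
                   hostp->h_length != IP_ADDR_LEN){
                        fprintf(stderr,"send_arp: unknown host %s\n",str);
                        exit(1);
                }
                memcpy(in_addr,hostp->h_addr,IP_ADDR_LEN);
        }
}

/*
 * NOTE(review): the text of get_hw_addr as captured on this page is
 * incomplete (the loop header and the first digit test are missing).
 * It is kept exactly as found and continues past this point.
 */
void get_hw_addr(char* buf,char* str){ int i; char c,val; for(i=0;i= 'a' && c <= 'f') val = c-'a'+10; else die("Invalid hardware address"); *buf = val 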
<< 4; if( !(c = tolower(*str++))) die("Invalid hardware address"); if(isdigit(c)) val = c-'0'; else if(c >= 'a' && c <= 'f') val = c-'a'+10; else die("Invalid hardware address"); *buf++ |= val; if(*str == ':')str++; } } fake-1.1.11/ChangeLog0000600001567400156740000001272311225056071013335 0ustar hormshormsfake Simon Horman Change Log ---------------------------------------------------------------------- 8th July 2009 (Simon Horman) * Version 1.1.11 - Don't die if FOREIGN_INTERFACE isn't set as it isn't mandatory (Juha Heinanen) - Bashisms + Debian clean-up * Non-maintainer upload. * Fix bashism. (Closes: #530079) * debian/rules: + Don't ignore errors by make; + Use $(CURDIR) instead of pwd. * debian/compat: bump to level five. * debian/control: + Bump versioned dependency on debhelper. + Add dependency on misc:Depends (Raphael Geissert) ---------------------------------------------------------------------- 11th June 2004 (Simon Horman) * Version 1.1.10 - removed unused LOG_DIR configuration directive. Thomas Hood - Only log to syslog, previously logged to stdout as well - Fixed typos in fake(8) man page. Thomas Hood ---------------------------------------------------------------------- 8th June 2004 (Simon Horman) * Version 1.1.9 - send gratuitous arp replies as well as requests - try to send gratuitous arp in accordance with rfc 2002 (4.9) - minor documentation update ---------------------------------------------------------------------- 21st October 2002 (Simon Horman) * Version 1.1.8 - moved binaries to /usr/sbin (Patrick Koppen) - removed Obsoletes and Docdir from specfile (Patrick Koppen) - moved 'make patch' from %setup to %build (otherwise rpm -bp won't work) (Patrick Koppen) - added MAN8_DIR=... 
in %install to use %{_mandir} (Patrick Koppen) - removed %post and %postun (Patrick Koppen) - moved 203.12.97.7.cfg from etc to doc (Patrick Koppen) - changed send_arp.8 and send_arp.patch (Patrick Koppen) send_arp now handles different layer2/3 adresses (Patrick Koppen) - Make sure "LANG" environment variable is not set (Christian Hammers) - Added heartbeat resource script for fake (Christian Hammers) ---------------------------------------------------------------------- 7th January 2002 (Simon Horman) * Version 1.1.7 - send up takes notice of TARGET_INTERFACE directive "William Jordan" ---------------------------------------------------------------------- 19th February 2001 (Simon Horman) * Version 1.1.6 - Cleaned up handling of Locale - Added Man Pages - Created Debian Packages - Moved pid files from /etc/fake/run/.pid to /var/run/fake..pid ---------------------------------------------------------------------- 22nd November 1999 (Simon Horman) * Version 1.1.5 Translated contacts from zipworld to vergenet ---------------------------------------------------------------------- 14th November 1999 (Simon Horman) * Version 1.1.4 - Setting locale to other than english caused mac address determination to fail. ---------------------------------------------------------------------- 22nd September 1999 (Simon Horman) * Version 1.1.3 - Running a second instance of fake for the same instance-configuration caused the second instance to signal the first which in turn signalled the second instance to shutdown. USR1 is now used for fake to tell other instances to exit without cleaning up to avoid this problem. ---------------------------------------------------------------------- 15th May 1999 (Simon Horman) * Version 1.1.2 - SIGHUP and SIGTERM now cause fake to clean up and exit. Previously SIGHUP was ignored and SIGTERM caused fake to log that it was exiting and exit without cleaning up. This allows fake to be nicely killed by signals as well as by running "fake remove". 
Thanks to Tom Vogt for suggesting this as part of his Heart package. ---------------------------------------------------------------------- 12th February 1999 (Simon Horman) * Version 1.1.1 - Made Bash 2.0 compliant ---------------------------------------------------------------------- 6th January 1999 (Simon Horman) * Version 1.1.0 - Added functionality to allow "real" mac address to be advertised using gratuitous ARP as fake is turned off. The mac address is dynamically discovered by running ifconfig on the foreign host. This eliminates the problem of configuring a mac address that becomes obsolete and causing network weirdness. ---------------------------------------------------------------------- 30th November 1998 (Simon Horman) * Version 1.0.2 - SPOOF_BROADCAST added to config to allow broadcast to be set correctly as ifconfig often guesses wrong ---------------------------------------------------------------------- 4rd November 1998 (Simon Horman) * Version 1.0.1 - Parsing of MAC address from invocation of ifconfig is now tolerant to trailing whitespace ---------------------------------------------------------------------- 29th October 1998 (Simon Horman) * Version 1.0.0 - First public release - Reads all information from config_file - Logs to syslog - Checks that uid = 0 ---------------------------------------------------------------------- 29th July 1998 (Simon Horman) - Does not send ARP when shutting down to avoid the possibility of mac address hijacking due to misconfiguration ---------------------------------------------------------------------- 30th March 1998 (Simon Horman) - Catches HUP, logs and doesn't terminate Catches EXIT, logs and exits Puts timestamps on logs ---------------------------------------------------------------------- 12th January 1998 (Simon Horman) - Set up route to spoofed IP on target interface. 
fake-1.1.11/.fakerc0000600001567400156740000000201011225055712013004 0ustar hormshorms############################################################ # Set up basic environment for fake # Variables are set as bash variables # i.e. = # # Must set: # ARP_DELAY: Delay in seconds between gratuitous arp # PID_DIR: Directory where pid files are kept # INSTANCE_CONFIG_DIR: Directory where specific # configuration files for an IP address takeover are kept # CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh # to and execute "clear arp-cache" # FAKE_RSH: Programme to use to "rsh" to another machine # to obtain macaddress by running ifconfig # # PATH can be set here to ensure that send_arp is in the # path ############################################################ FAKE_HOME="/etc/fake" #PATH=/sbin:/usr/sbin:/bin:/usr/bin ARP_DELAY=1 CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers" PID_DIR="/var/run" INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config" #Only needed if you wish to send gratuitous arp #advertising the "real" mac address when turning fake off #FAKE_RSH=ssh fake-1.1.11/AUTHORS0000600001567400156740000000004311225055712012624 0ustar hormshormsSimon Horman: fake-1.1.11/COPYING0000600001567400156740000004310511225055712012615 0ustar hormshorms GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. 
(Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. 
The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. 
You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. 
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. 
However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. 
If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. 
If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. 
fake-1.1.11/clear_routers0000600001567400156740000000040511225055712014352 0ustar hormshorms###################################################################### # List of routers to rsh to and run "clear arp-cache" # Anything including and after a # on a line is ignored ###################################################################### #rocket fake-1.1.11/INSTALL0000600001567400156740000000102511225055712012606 0ustar hormshormsfake INSTALL Horms ---------------------------------------------------------------------- 1. tar -zcf fake-.tar.gz 2. cd fake- 3. make patch && make && make install 4. *** Very Important *** On the machine that you are going to take over the IP address of set up an additional interface so you can access that machine while fake is in operation. This can be an additional physical interface or an IP alias. 5. See the fake(8) man page for details on configuration and running fake-1.1.11/Makefile0000600001567400156740000000522011225055712013216 0ustar hormshorms###################################################################### # Makefile for fake October 1998 # Horms horms@verge.net.au # # Fake # Script to spoof an ip # Designed to create redundant servers # Copyright (C) 1998 Horms # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. 
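#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330,
######################################################################

# Prefix put in front of every install directory below. Empty means the
# live filesystem; a packager can point it at a staging tree.
ROOT_DIR=

BIN_DIR=$(ROOT_DIR)/usr/sbin
BIN=fake

CONFIG_DIR=$(ROOT_DIR)/etc/fake
CONFIG=.fakerc clear_routers

INSTANCE_CONFIG_DIR=$(ROOT_DIR)/etc/fake/instance_config
INSTANCE_CONFIG=instance_config/203.12.97.7.cfg \
                instance_config/192.168.89.19.cfg

MAN8=fake.8 send_arp.8
MAN8_DIR=$(ROOT_DIR)/usr/man/man8

# NOTE(review): the directory name says 1.1.10 while the archive paths on
# this page say fake-1.1.11 -- confirm which version is intended.
DOC_DIR=$(ROOT_DIR)/usr/doc/fake-1.1.10
DOCS=README AUTHORS COPYING ChangeLog

SUBDIR=send_arp heartbeat

# None of these names is a file produced by the build.
.PHONY: all install clean patch unpatch

# Build each sub-directory after send_arp has been patched.
# `|| exit 1` stops at the first failing sub-make; a bare `for` loop would
# report only the status of the last directory. $(MAKE) hands -j, -n and
# command-line variables down to the sub-make.
all: patch
	for i in $(SUBDIR); do $(MAKE) -C $$i all || exit 1; done

# Clean the sub-directories (the send_arp Makefile is presumably supplied
# by the patches, hence the `patch` prerequisite), then revert the patches.
clean: patch
	for i in $(SUBDIR); do $(MAKE) -C $$i clean || exit 1; done
	$(MAKE) unpatch
	rm -f core send_arp/send_arp.c.orig

# Install the script (mode 755) and its configuration, documentation and
# manual pages (mode 644) below $(ROOT_DIR).
install: all
	for i in $(SUBDIR); do $(MAKE) -C $$i install || exit 1; done
	test -d $(BIN_DIR) || mkdir -p $(BIN_DIR)
	install -c -m 755 $(BIN) $(BIN_DIR)
	test -d $(CONFIG_DIR) || mkdir -p $(CONFIG_DIR)
	install -c -m 644 $(CONFIG) $(CONFIG_DIR)
	test -d $(INSTANCE_CONFIG_DIR) || mkdir -p $(INSTANCE_CONFIG_DIR)
	install -c -m 644 $(INSTANCE_CONFIG) $(INSTANCE_CONFIG_DIR)
	test -d $(DOC_DIR) || mkdir -p $(DOC_DIR)
	install -c -m 644 $(DOCS) $(DOC_DIR)
	test -d $(MAN8_DIR) || mkdir -p $(MAN8_DIR)
	install -c -m 644 $(MAN8) $(MAN8_DIR)

# Apply the send_arp patch series once; send_arp/Makefile is the
# "already patched" marker (presumably created by one of the patches).
# `cd ... &&` keeps patch from running in the top-level directory when
# send_arp is missing. The `&&` chain stops at the first patch that does
# not apply, so a partly patched send_arp is never built and installed.
# NOTE(review): after a failure part-way through, the marker may already
# exist; inspect send_arp by hand before re-running.
patch:
	cd send_arp && { test -f Makefile || { \
	  patch -p 1 < ../send_arp.patch && \
	  patch -p 1 < ../send_arp.dev.patch && \
	  patch -p 1 < ../send_arp.l2.patch && \
	  patch -p 1 < ../send_arp.request_reply.patch ; } ; }

# Revert the patch series in reverse order; does nothing when the tree is
# not patched. The marker is removed by explicit path: a `cd send_arp ;
# rm -f Makefile` would delete this top-level Makefile if the cd failed.
unpatch:
	cd send_arp && if test -f Makefile; then \
	  patch -p 1 -R < ../send_arp.request_reply.patch && \
	  patch -p 1 -R < ../send_arp.l2.patch && \
	  patch -p 1 -R < ../send_arp.dev.patch && \
	  patch -p 1 -R < ../send_arp.patch ; \
	fi
	rm -f send_arp/Makefile
fake-1.1.11/README0000600001567400156740000000215111225055712012436 0ustar hormshormsfake README Horms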
---------------------------------------------------------------------- Overview -------- Fake is a simple utility designed to enable the switching in of backup servers by bringing up an additional interface and using ARP spoofing to take over the IP address. Either additional physical or logical interfaces can be used. Variants of the script have been used extensively at Zip World, http://www.zipworld.com.au./ for backing up various servers including the mail, web and proxy servers. Please be aware that though this system has been shown to work you are well advised to test the system thoroughly before putting it into production. Please see the docs directory for a more thorough discussion of the process that has been implemented and the issues surrounding its use. send_arp was written by yuri volobuev'97 and is included here for convenience with his permission. The primary site for all other materials relating to this is http://vergenet.net/linux/fake/. For more information on configuring and running fake please see the fake(8) man page. fake-1.1.11/fake.80000600001567400156740000001406611225055712012565 0ustar hormshorms.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" .\" fake.8 .\" Horms horms@verge.net.au .\" .\" Fake .\" Script to spoof an ip .\" Designed to create redundant servers .\" Copyright (C) 1998 Horms .\" .\" This program is free software; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License as .\" published by the Free Software Foundation; either version 2 of the .\" License, or (at your option) any later version. .\" .\" This program is distributed in the hope that it will be useful, but .\" WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU .\" General Public License for more details.
.\" .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA .\" 02111-1307 USA .\" .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" .TH FAKE 8 "9 June 2004" .SH NAME fake \- IP address takeover tool .SH SYNOPSIS \fBfake\fP [\fBremove\fP] \fIIP_ADDRESS\fP .SH DESCRIPTION The \fBfake\fP utility enables the switching in of a backup server by bringing up an additional interface and using ARP spoofing to take over \fIIP_ADDRESS\fP. .PP Variants of the script have been used extensively at Zip World (http://www.zipworld.com.au/) for backing up mail, web and proxy servers. Although this system has been shown to work you are well advised to test the system thoroughly before putting it into production. .PP Please read the documents in \fI/usr/share/doc/fake/\fP for an explanation of how \fBfake\fP works and for a discussion of issues surrounding its use. .SH OPTIONS .TP .B remove Stop the takeover of an IP address. Without this option, fake starts the takeover of an IP address. .SH "GLOBAL CONFIGURATION FILE" The global configuration file is in \fI/etc/fake/.fakerc\fP. The settings there are overridden by those in \fI${HOME}/.fakerc\fP. Here is a sample configuration file. .nf ############################################################ # Set up basic environment for fake # Variables are set as bash variables # i.e. 
= # # Must set: # ARP_DELAY: Delay in seconds between gratuitous ARP # PID_DIR: Directory where PID files are kept # INSTANCE_CONFIG_DIR: Directory where specific # configuration files for an IP address takeover are kept # CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh # to and execute "clear arp-cache" # FAKE_RSH: Programme to use to "rsh" to another machine # to obtain macaddress by running ifconfig # # PATH can be set here to ensure that send_arp is in the # path ############################################################ FAKE_HOME="/etc/fake" #PATH=/sbin:/usr/sbin:/bin:/usr/bin ARP_DELAY=1 CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers" PID_DIR="/var/run" INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config" #Only needed if you wish to send gratuitous ARP #advertising the "real" mac address when turning fake off #FAKE_RSH=ssh .fi .SH "INSTANCE CONFIGURATION" To configure an instance of \fBfake\fP, create \fI/etc/fake/instance_config/.cfg\fP with the following format: .nf SPOOF_IP= .fi The SPOOF_IP variable must contain the same IP address as appears in the name of the file. This is checked at run time. .nf IFCONFIG=TRUE|FALSE SPOOF_NETMASK= TARGET_INTERFACE= .fi If the IFCONFIG variable is set to \fBTRUE\fP, the address specified by SPOOF_IP will be brought up on the interface specified by TARGET_INTERFACE; SPOOF_NETMASK and TARGET_INTERFACE must also be defined. .PP For obvious reasons it is very important that the TARGET_INTERFACEs of running instances of \fBfake\fP all be different from one another. .PP Optionally if you wish to \fBrsh\fP to the main server and advertise the "real" MAC address when turning \fBfake\fP off then set the following; .nf FOREIGN_INTERFACE= FOREIGN_ARP= .fi To use this last feature in an automated fashion you will need to be able to $FAKE_RSH to $SPOOF_IP from the host that \fBfake\fP runs on without manual authentication. 
With \fBrsh\fP this is typically achieved using \fI.rhosts\fP; with \fBssh\fP an RSH key with an empty passphrase can be employed. Because such a key permits unattended login, restrict it on the main server to the \fBifconfig\fP command that \fBfake\fP runs. .PP Here is an example of \fI/etc/fake/instance_config/203.12.97.7.cfg\fP: .nf SPOOF_IP=203.12.97.7 IFCONFIG=TRUE SPOOF_NETMASK=255.255.255.0 TARGET_INTERFACE=eth0:2 FOREIGN_INTERFACE=eth0 FOREIGN_ARP=5 .fi .SH ACTIVATION To activate \fBfake\fP, run: .nf fake & .fi Logs will be made to the local0.notice syslog facility. .PP On startup you should see messages in the syslog; running \fBifconfig\fP should show the new interface; running \fBroute\fP should show a route for the spoofed IP address on the new interface (which is needed so the machine that \fBfake\fP is running on can communicate correctly to this IP address); and running \fBtcpdump -i arp\fP should show the gratuitous ARP packets. .SH DEACTIVATION To deactivate, run: .nf fake remove .fi .PP As of version 1.1.2 the \fBfake\fP process can be sent a SIGTERM or SIGHUP to effect the removal. .PP On removal you should see a message in the syslog; \fBifconfig\fP should show that the new interface has been removed; \fBroute\fP should show that the new route has been removed; and \fBtcpdump\fP should show that the gratuitous ARP has stopped. .PP .B Note: Activating \fBfake\fP multiple times with the same arguments has the same effect as activating it once. Similarly, deactivating fake multiple times with the same arguments has the same effect as deactivating it once.
.SH FILES .TP .I /etc/fake/.fakerc .TP .I /etc/fake/clear_routers .TP .I /etc/fake/instance_config/.cfg .TP .I /var/run/fake..pid .SH AUTHOR Horms fake-1.1.11/fake0000600001567400156740000002476311225055712012424 0ustar hormshorms#!/bin/bash -u
############################################################
# Fake v 1.1.8 February 2001
# Horms horms@verge.net.au
#
# Fake
# Script to spoof an ip
# Designed to create redundant servers
# Copyright (C) 1998 Horms
#
# This program is free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation;
# either version 2 of the License, or (at your option) any
# later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 59 Temple Place, Suite 330,
# Boston, MA 02111-1307 USA
############################################################

############################################################
# Unset Locale
############################################################
unset LC_ALL
unset LANG

############################################################
# Where the default config lies
############################################################
ETC_DIR="/etc/fake"

############################################################
# Check Real UserID is root
# Calls die unless `id -ru` (the real user id) prints 0.
############################################################
function check_root {
  if [ "$(id -ru)" != "0" ]; then
    die Must be run by the super user
  fi
}

############################################################
# Source rc file
# usage: source_rc file_name "dir ..." variable ...
#   $1   name of the rc file
#   $2   whitespace-separated list of directories to look in
#   $3.. names of variables the rc file must set
# Unsets the named variables, sources file_name from every
# listed directory that has it (later directories can
# override earlier ones), dies if no directory has it, then
# runs check_set on the names.
# NOTE(review): `source` executes the file as shell code in
# this process; nothing here checks who owns the file or who
# may write to it, so the rc directories should be writable
# by root only.
############################################################
function source_rc {
  local RC_FILENAME="$1"
  shift
  local RC_DIRS="$1"
  shift
  local VARIABLES="$*"

  local RC_FOUND="FALSE"

  # Drop inherited values so that only the rc files can supply them
  unset $VARIABLES

  for i in $RC_DIRS; do
    local RC_FILE="${i}/${RC_FILENAME}"
    if [ -f "$RC_FILE" ]; then
      log "Sourcing $RC_FILE";
      RC_FOUND="TRUE"
      source "$RC_FILE";
    fi
  done

  if [ "$RC_FOUND" = "FALSE" ]; then
    die "No rc file \"$RC_FILENAME\" found in; $RC_DIRS"
  fi

  check_set $VARIABLES
}

############################################################
# Check if variables are set
# usage: check_set variable ...
# Dies on the first named variable whose value expands to
# nothing.
# NOTE(review): each value is read with `eval echo`, so it is
# word-split and glob-expanded before the test; the callers
# in this part of the script pass fixed lists of names.
############################################################
function check_set {
  local TMP

  for i in $*; do
    TMP=$(eval echo \${$i})
    if [ "${TMP:-__NULL__}" = "__NULL__" ]; then
      die "$i is not set in config file"
    fi
  done
}

############################################################
# Log signal death
# Clears the EXIT trap first so that the exit below does not
# run it.
############################################################
function bail {
  trap - EXIT
  log "Signal received bailing..."
  exit 1
}

############################################################
# Log dying
# Logs "Fatal Error:" followed by the arguments and exits
# with status 1.
############################################################
function die {
  log "Fatal Error: $*"
  exit 1
}

############################################################
# Warn about something
# Logs "Warning:" followed by the arguments; does not exit.
############################################################
function warn {
  log "Warning: $*"
}

############################################################
# ignore signal
# Only logs that a signal arrived.
############################################################
function ignore {
  log "Signal received ignoring..."
}

############################################################
# shutdown_fake cleanly on signal
# Clears the EXIT trap, logs, calls fake_off with the
# argument 1 and exits.
############################################################
function shutdown_fake {
  trap - EXIT
  log "Signal received shutting down..."
  fake_off 1
  exit
}

############################################################
# Log messages with a timestamp
# Hands the arguments to logger(1) with priority
# local0.notice and the tag fake[PID].
# NOTE(review): `$*` and `fake[$$]` are unquoted, so the
# message and the tag are subject to word splitting and
# pathname expansion before logger sees them.
############################################################
function log {
  #echo $(date) fake[$$] $*
  logger -p local0.notice -t fake[$$] -- $*
}

############################################################
# Ohh my thats a nice usage function
# Prints the usage text and exits with status 1. The 1>&2
# after the closing brace sends the function's output to
# stderr.
############################################################
function usage {
  cat<<__EOF__
Usage: fake [remove] ip_addr
  ip_addr: The ip address to spoof
__EOF__
  exit 1
} 1>&2

############################################################
# Parse arguments
# usage: parse_arguments [remove] ip_addr
# Sets REMOVE, INSTANCE_CONFIG_FILE and PID_FILE, and sources
# <ip_addr>.cfg from INSTANCE_CONFIG_DIR. Dies when a
# required variable is missing or when SPOOF_IP in the config
# differs from the address given on the command line.
# NOTE(review): ip_addr is used as given to build the name of
# a file that is then sourced; rejecting a value containing
# "/" before the source_rc call would keep the lookup inside
# INSTANCE_CONFIG_DIR.
############################################################
function parse_arguments {
  REMOVE="FALSE"
  local VARIABLES="IFCONFIG SPOOF_IP TARGET_INTERFACE"
  local INTERFACE_VARIABLES="SPOOF_NETMASK SPOOF_BROADCAST"
  local FOREIGN_VARIABLES="FOREIGN_ARP"
  local FOREIGN_STATIC_VARIABLES="FOREIGN_MACADDR"
  local FOREIGN_DYNAMIC_VARIABLES="FAKE_RSH FOREIGN_INTERFACE"

  if [ $# -lt 1 ];then
    usage
  fi

  local GIVEN_IP="$1"
  shift

  # "remove" mode: IFCONFIG is no longer required and the
  # address is the next argument
  if [ "$GIVEN_IP" = "remove" ]; then
    REMOVE="TRUE"
    VARIABLES="SPOOF_IP TARGET_INTERFACE"
    if [ $# -lt 1 ];then
      usage
    fi
    GIVEN_IP="$1"
  fi

  INSTANCE_CONFIG_FILE="${GIVEN_IP}.cfg"
  source_rc "$INSTANCE_CONFIG_FILE" "$INSTANCE_CONFIG_DIR" "$VARIABLES"

  # NOTE(review): in "remove" mode IFCONFIG is neither unset
  # nor checked above; under `bash -u` this expansion aborts
  # if nothing has set it -- confirm
  if [ "${IFCONFIG}" = "TRUE" ]; then
    check_set $INTERFACE_VARIABLES
  fi

  # FOREIGN_INTERFACE is optional; once it is set FOREIGN_ARP
  # is required, plus FOREIGN_MACADDR when it is "STATIC" or
  # FAKE_RSH otherwise
  if [ "${FOREIGN_INTERFACE:-NULL}" != "NULL" ]; then
    check_set $FOREIGN_VARIABLES
    if [ "${FOREIGN_INTERFACE}" = "STATIC" ]; then
      check_set $FOREIGN_STATIC_VARIABLES
    else
      check_set $FOREIGN_DYNAMIC_VARIABLES
    fi
  fi

  # The address in the file name must match the one inside it
  if [ "$GIVEN_IP" != "$SPOOF_IP" ]; then
    die "IP address \"$GIVEN_IP\" given as an argument does not match \$SPOOF_IP \"$SPOOF_IP\" in config file"
  fi

  PID_FILE="${PID_DIR}/fake.${SPOOF_IP}.pid"
}

############################################################
# set_MACADDR
# Get the mac address to use
# A bit clumsy, but nevermind
# usage: set_MACADDR interface
# usage: set_MACADDR rsh_programme foreign_host interface
# sets MACADDR to the
maccaddress of the interface ############################################################ function set_MACADDR(){ local INTERFACE RSH HOST if [ $# -lt 2 ]; then RSH= HOST= INTERFACE=$1 else RSH=$1 HOST=$2 INTERFACE=$3 fi MACADDR=$($RSH $HOST /sbin/ifconfig $INTERFACE | \ fgrep $INTERFACE | sed \ 's/^.*HWaddr \(..\):\(..\):\(..\):\(..\):\(..\):\(..\).*$/\1\2\3\4\5\6/') if [ "${MACADDR:=NULL}" = "NULL" ]; then log "Could not locate obtain hardware address for $TARGET_INTERFACE" fi } ############################################################ # Turn fake on ############################################################ function fake_on(){ log "Turning Fake on." # Tell the user what what is going on log "$(hostname) being $SPOOF_IP" # Create pid file PID_FILE="${PID_DIR}/fake.${SPOOF_IP}.pid" if [ -f $PID_FILE ]; then log "fake appears to be running: $PID_FILE was found: Killing." kill -USR1 $(cat $PID_FILE) fi echo $$ > $PID_FILE || die "Could not write to pid file $PID_FILE" if [ "${IFCONFIG}" = "TRUE" ]; then # Setup the target interface, route and send gratuitous arp /sbin/ifconfig "$TARGET_INTERFACE" $SPOOF_IP netmask $SPOOF_NETMASK \ broadcast $SPOOF_BROADCAST \ || die "Could not bring up interface" /sbin/route add -host $SPOOF_IP "$TARGET_INTERFACE" \ || warn "Could not add local route" fi # Get the mac address to use set_MACADDR $TARGET_INTERFACE #Send gratutious arp log "Sending endless Gratuitous Arp." 
while [ 1 ]; do /usr/sbin/send_arp \ ${SPOOF_IP} ${MACADDR} \ ${SPOOF_IP} ${MACADDR} \ ${TARGET_INTERFACE} ${MACADDR} FF:FF:FF:FF:FF:FF reply \ || die "Could not send gratuitous arp" sleep $ARP_DELAY /usr/sbin/send_arp \ ${SPOOF_IP} ${MACADDR} \ ${SPOOF_IP} 00:00:00:00:00:00 \ ${TARGET_INTERFACE} ${MACADDR} FF:FF:FF:FF:FF:FF request \ || die "Could not send gratuitous arp" sleep $ARP_DELAY done } ############################################################ # Turn fake off ############################################################ function fake_off(){ local LAYER2_SRC_HW LAYER3_SNDR_HW log "Turning Fake off." #Our Spoofed ip if [ "${IFCONFIG}" = "TRUE" ]; then /sbin/ifconfig $TARGET_INTERFACE down fi #Kill existing fake if [ -f $PID_FILE -a "$(cat $PID_FILE)" != $$ ]; then log "fake appears to be running: $PID_FILE was found: Killing." kill -USR1 $(cat $PID_FILE) rm $PID_FILE || warn "Could not remove $PID_FILE" fi if [ "${FOREIGN_INTERFACE:-NULL}" != "NULL" ]; then log "sending gratuitous arp of original mac address." 
if [ "${FOREIGN_INTERFACE}" != "STATIC" ]; then set_MACADDR "$FAKE_RSH" "$SPOOF_IP" "$FOREIGN_INTERFACE" else MACADDR=${FOREIGN_MACADDR} fi LAYER3_SNDR_HW=${MACADDR} set_MACADDR $TARGET_INTERFACE LAYER2_SRC_HW=${MACADDR} while [ $FOREIGN_ARP -gt 0 ]; do FOREIGN_ARP=$(($FOREIGN_ARP - 1)) /usr/sbin/send_arp \ ${SPOOF_IP} ${LAYER3_SNDR_HW} \ ${SPOOF_IP} ${LAYER3_SNDR_HW} \ ${TARGET_INTERFACE} \ ${LAYER2_SRC_HW} FF:FF:FF:FF:FF:FF reply \ || die "Could not send gratuitous arp" sleep $ARP_DELAY /usr/sbin/send_arp \ ${SPOOF_IP} ${LAYER3_SNDR_HW} \ ${SPOOF_IP} 00:00:00:00:00:00 \ ${TARGET_INTERFACE} \ ${LAYER2_SRC_HW} FF:FF:FF:FF:FF:FF request \ || die "Could not send gratuitous arp" sleep $ARP_DELAY done fi } ###################################################################### # Some routers may need their arp cache cleared # Works with Cisco routers with rsh access ###################################################################### function clear_remote_arp_cache { #See if the data file exists if [ ! 
-f "$CLEAR_ROUTERS_FILE" ]; then warn "could not open clear routers file $CLEAR_ROUTERS_FILE" return fi #read in the routers ROUTERS=$(<"$CLEAR_ROUTERS_FILE" sed 's/\#.*//' | tr '\012' ' '; echo) #reset the routers in the background so it doesn't block for ROUTER in $ROUTERS; do CMD="rsh $ROUTER clear arp-cache" log "$CMD" { $CMD >& /dev/null || log "Error executing $CMD" ; } & done } ###################################################################### # The main game ###################################################################### log "Starting with arguments: $@" #set some traps trap bail EXIT trap bail USR1 trap shutdown_fake TERM trap shutdown_fake HUP #make sure we are root check_root #read rc file source_rc .fakerc "${ETC_DIR} ${HOME}" \ ARP_DELAY CLEAR_ROUTERS_FILE PID_DIR INSTANCE_CONFIG_DIR #Check arguments parse_arguments $@ #Looks ok so far so start by clearing the arp cache on some routers clear_remote_arp_cache #Do the deed if [ "$REMOVE" = "TRUE" ]; then fake_off 0 else fake_on fi fake-1.1.11/send_arp.dev.patch0000600001567400156740000000227611225055712015157 0ustar hormshorms--- send_arp.orig/send_arp.c Mon Jan 7 05:07:03 2002 +++ send_arp/send_arp.c Mon Jan 7 05:08:09 2002 @@ -35,7 +35,7 @@ #define DEFAULT_DEVICE "eth0" char usage[]={"send_arp: sends out custom ARP packet. yuri volobuev'97\n\ -\tusage: send_arp src_ip_addr src_hw_addr targ_ip_addr tar_hw_addr\n\n"}; +usage: send_arp src_ip_addr src_hw_addr targ_ip_addr targ_hw_addr [targ_int]\n\n"}; struct arp_packet { u_char targ_hw_addr[ETH_HW_ADDR_LEN]; @@ -62,9 +62,11 @@ struct in_addr src_in_addr,targ_in_addr; struct arp_packet pkt; struct sockaddr sa; +char *c; +int n; int sock; -if(argc != 5)die(usage); +if(argc != 5 && argc !=6)die(usage); sock=socket(AF_INET,SOCK_PACKET,htons(ETH_P_RARP)); if(sock<0){ 
@@ -92,7 +94,17 @@ bzero(pkt.padding,18); -strcpy(sa.sa_data,DEFAULT_DEVICE); +if (argc!=6) { + strcpy(sa.sa_data,DEFAULT_DEVICE); +} else { + if ((c=strchr(argv[5], ':'))) { + n=c-argv[5]; + strncpy(sa.sa_data, argv[5], n); + *(sa.sa_data+n)='\0'; + } else { + strcpy(sa.sa_data, argv[5]); + } +} if(sendto(sock,&pkt,sizeof(pkt),0,&sa,sizeof(sa)) < 0){ perror("sendto"); exit(1); fake-1.1.11/fake-1.0.1.lsm0000600001567400156740000000110511225055712013632 0ustar hormshormsBegin3 Title: fake Version: 1.0.1 Entered-date: 03NOV98 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy Author: Horms Maintained-by: Horms Primary-site: ftp.zipworld.com.au /pub/linux/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.0.2.lsm0000600001567400156740000000110511225055712013633 0ustar hormshormsBegin3 Title: fake Version: 1.0.2 Entered-date: 28NOV98 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy Author: Horms Maintained-by: Horms Primary-site: ftp.zipworld.com.au /pub/linux/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.1.lsm0000600001567400156740000000110511225055712013633 0ustar hormshormsBegin3 Title: fake Version: 1.1.1 Entered-date: 10FEB99 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. 
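Review bot: The new `else` branch in the `@@ -92,7 +94,17 @@` hunk of send_arp.dev.patch copies `argv[5]` into `sa.sa_data` with no length check: `strcpy(sa.sa_data, argv[5])` takes the whole argument, and the `strncpy` path uses `n=c-argv[5]`, which is the distance to the colon rather than a bound on the destination. `sa` is a `struct sockaddr` on main's stack and its `sa_data` member holds 14 bytes, so an interface argument of 14 characters or more writes past it, in a program that the fake script runs as root. Compute the name length once, reject it when it does not fit together with the terminator, and copy exactly that many bytes, as below. The `@@ -80,20 +82,30 @@` hunk of send_arp.l2.patch changes only the condition in front of this branch, so the copy appears to stay unbounded there as well. main begins and ends outside the hunk.

```c
if (argc!=6) {
	strcpy(sa.sa_data,DEFAULT_DEVICE);
} else {
	/* name ends at an optional ':' alias suffix; it must fit sa_data with its NUL */
	c=strchr(argv[5], ':');
	n=c ? (int)(c-argv[5]) : (int)strlen(argv[5]);
	if (n >= (int)sizeof(sa.sa_data)) die("interface name too long");
	memcpy(sa.sa_data, argv[5], n);
	sa.sa_data[n]='\0';
}
/* … unchanged: sendto() call and its error handling … */
```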
Keywords: ARP Redundancy Author: Horms Maintained-by: Horms Primary-site: ftp.zipworld.com.au /pub/linux/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.2.lsm0000600001567400156740000000110511225055712013634 0ustar hormshormsBegin3 Title: fake Version: 1.1.2 Entered-date: 15MAY99 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy Author: Horms Maintained-by: Horms Primary-site: ftp.zipworld.com.au /pub/linux/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.3.lsm0000600001567400156740000000106411225055712013641 0ustar hormshormsBegin3 Title: fake Version: 1.1.3 Entered-date: 22SEP99 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy Author: Horms Maintained-by: Horms Primary-site: ftp.vergenet.net /pub/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.4.lsm0000600001567400156740000000111711225055712013641 0ustar hormshormsBegin3 Title: fake Version: 1.1.4 Entered-date: 15NOV99 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. 
Keywords: ARP Redundancy High Availability Cluster Author: Horms Maintained-by: Horms Primary-site: ftp.vergenet.net /pub/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.5.lsm0000600001567400156740000000111711225055712013642 0ustar hormshormsBegin3 Title: fake Version: 1.1.5 Entered-date: 15NOV99 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy High Availability Cluster Author: Horms Maintained-by: Horms Primary-site: ftp.vergenet.net /pub/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.6.lsm0000600001567400156740000000111711225055712013643 0ustar hormshormsBegin3 Title: fake Version: 1.1.6 Entered-date: 19FEB01 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy High Availability Cluster Author: Horms Maintained-by: Horms Primary-site: ftp.vergenet.net /pub/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.7.lsm0000600001567400156740000000111711225055712013644 0ustar hormshormsBegin3 Title: fake Version: 1.1.7 Entered-date: 07JAN02 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. 
Keywords: ARP Redundancy High Availability Cluster Author: Horms Maintained-by: Horms Primary-site: ftp.vergenet.net /pub/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake-1.1.8.lsm0000600001567400156740000000112711225055712013646 0ustar hormshormsBegin3 Title: fake Version: 1.1.8 Entered-date: 21OCT02 Description: Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. Keywords: ARP Redundancy High Availability Cluster Author: Horms Maintained-by: Horms Primary-site: http://www.vergenet.net/linux/fake Alternate-site: Original-site: Platforms: Linux Copying-policy: GPL End fake-1.1.11/fake.spec0000600001567400156740000000237611225055712013351 0ustar hormshorms# Note that this is NOT a relocatable package %define ver 1.1.8 %define rel 1 %define prefix /usr Summary: Switches in redundant servers using arp spoofing Name: fake Version: %ver Release: %rel Copyright: GPL Group: Networking/Utilities Source: http://www.vergenet.net/linux/fake/download/%{ver}/fake-%{ver}.tar.gz Obsoletes: fake BuildRoot: /tmp/fake-root Packager: Horms URL: http://www.vergenet.net/linux/fake/ %description Fake is a utility that enables the IP address be taken over by bringing up a second interface on the host machine and using gratuitous arp. Designed to switch in backup servers on a LAN. 
%prep %setup -n fake-%{ver} #%patch -p1 %build make patch make CFLAGS="$RPM_OPT_FLAGS -s" %install rm -rf $RPM_BUILD_ROOT make ROOT_DIR=$RPM_BUILD_ROOT MAN8_DIR=$RPM_BUILD_ROOT/%{_mandir}/man8 install %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-, root, root) %doc AUTHORS %doc README %doc ChangeLog %doc docs/arp_fun.txt %doc docs/redundant_linux.txt %doc instance_config/203.12.97.7.cfg %doc instance_config/192.168.89.19.cfg %doc heartbeat/fake %{prefix}/sbin/* %{_mandir}/man8/* %dir /etc/fake %dir /etc/fake/instance_config %config /etc/fake/.fakerc %config /etc/fake/clear_routers %{prefix}/lib/heartbeat/fake fake-1.1.11/send_arp.80000600001567400156740000000505211225055712013445 0ustar hormshorms.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" .\" send_arp.8 February 2001 .\" Horms horms@verge.net.au .\" .\" send_arp .\" Send out one ARP packet with source/target IP and Ethernet .\" hardware addresses suuplied by the user .\" Copyright (C) 1997 Yuri Volobuev .\" .\" This program is free software; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License as .\" published by the Free Software Foundation; either version 2 of the .\" License, or (at your option) any later version. .\" .\" This program is distributed in the hope that it will be useful, but .\" WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU .\" General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA .\" 02111-1307 USA .\" .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" .TH SEND_ARP 8 "30th October 2003" .SH NAME send_arp \- Send out one ARP packet with source/target IP and Ethernet hardware addresses suuplied by the user. 
.SH SYNOPSIS \fBsend_arp\fP sndr_ip_addr sndr_hw_addr targ_ip_addr targ_hw_addr [src_int [src_hw_addr [dest_hw_addr]]] .SH DESCRIPTION \fBsend_arp\fP This program sends out one ARP packet with source/target IP and Ethernet hardware addresses suuplied by the user. It compiles and works on Linux and will probably work on any Unix that has SOCK_PACKET. .P The idea behind this program is a proof of a concept, nothing more. It comes as is, no warranty. However, you're allowed to use it under one condition: you must use your brain simultaneously. If this condition is not met, you shall forget about this program and go RTFM immediately. .SH OPTIONS .TP .B sndr_ip_addr Sender IP address for ARP packet. .TP .B sndr_hw_addr Sender Hardware address for ARP packet. .TP .B targ_ip_addr Target IP address for ARP packet. .TP .B targ_hw_addr Target Hardware address for ARP packet. .TP .B src_int Source Interface for ARP packet. .TP .B src_hw_addr Source layer2 Hardware address for ARP packet. .TP .B dest_hw_addr Destination layer2 Hardware address for ARP packet. .SH AUTHORS .nf send_arp - Yuri Volobuev man page - Horms layer2 patch - Patrick Koppen fake-1.1.11/send_arp.request_reply.patch0000600001567400156740000000274611225055712017306 0ustar hormshorms--- send_arp.orig/send_arp.c 2004-06-08 12:28:24.000000000 +0900 +++ send_arp.orig/send_arp.c 2004-06-08 13:47:59.000000000 +0900 @@ -29,14 +29,15 @@ #define ARP_FRAME_TYPE 0x0806 #define ETHER_HW_TYPE 1 #define IP_PROTO_TYPE 0x0800 -#define OP_ARP_REQUEST 2 +#define OP_ARP_REQUEST 1 +#define OP_ARP_REPLY 2 #define DEFAULT_DEVICE "eth0" char usage[]={"send_arp: sends out custom ARP packet. yuri volobuev'97\n\n\ usage: send_arp sndr_ip_addr sndr_hw_addr\n\ targ_ip_addr targ_hw_addr\n\ - [targ_int [src_hw_addr [dest_hw_addr]]]\n\n"}; + [[targ_int [src_hw_addr [dest_hw_addr] [request|reply]]\n\n"}; struct arp_packet { u_char dest_hw_addr[ETH_HW_ADDR_LEN]; 
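Review bot: The rewritten usage text in the `@@ -29,14 +29,15 @@` hunk of send_arp.request_reply.patch has unbalanced brackets, `[[targ_int [src_hw_addr [dest_hw_addr] [request|reply]]`, so it does not say that the operation is accepted only after all three optional arguments. The `@@ -80,9 +81,22 @@` hunk reads the operation from `argv[8]` only when `argc == 9`, which matches `[targ_int [src_hw_addr [dest_hw_addr [request|reply]]]]\n\n"};`. The SYNOPSIS in send_arp.8 still ends at `[dest_hw_addr]]]` and would need the same addition.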
@@ -67,7 +68,7 @@ char *c; int n; -if(argc < 5 || argc > 8) die(usage); +if(argc < 5 || argc > 9) die(usage); sock=socket(AF_INET,SOCK_PACKET,htons(ETH_P_RARP)); if(sock<0){ @@ -80,9 +81,22 @@ pkt.prot_type = htons(IP_PROTO_TYPE); pkt.hw_addr_size = ETH_HW_ADDR_LEN; pkt.prot_addr_size = IP_ADDR_LEN; -pkt.op=htons(OP_ARP_REQUEST); -if ( argc == 8 ) { +if ( argc == 9 ) { + if (! strcasecmp("request", argv[8])) { + pkt.op=htons(OP_ARP_REQUEST); + } + else if (! strcasecmp("reply", argv[8])) { + pkt.op=htons(OP_ARP_REPLY); + } + else { + die("Invalid arp type. Must be \"request\" or \"reply\""); + } +} else { + pkt.op=htons(OP_ARP_REQUEST); +} + +if ( argc >= 8 ) { get_hw_addr(pkt.dest_hw_addr,argv[7]); } else { get_hw_addr(pkt.dest_hw_addr,argv[4]); fake-1.1.11/send_arp.l2.patch0000600001567400156740000000464211225055712014715 0ustar hormshorms--- send_arp.orig/send_arp.c 2002-10-21 14:19:27.000000000 +0900 +++ send_arp/send_arp.c 2002-10-21 14:25:03.000000000 +0900 @@ -33,11 +33,13 @@ #define DEFAULT_DEVICE "eth0" -char usage[]={"send_arp: sends out custom ARP packet. yuri volobuev'97\n\ -usage: send_arp src_ip_addr src_hw_addr targ_ip_addr targ_hw_addr [targ_int]\n\n"}; +char usage[]={"send_arp: sends out custom ARP packet. yuri volobuev'97\n\n\ +usage: send_arp sndr_ip_addr sndr_hw_addr\n\ + targ_ip_addr targ_hw_addr\n\ + [targ_int [src_hw_addr [dest_hw_addr]]]\n\n"}; struct arp_packet { - u_char targ_hw_addr[ETH_HW_ADDR_LEN]; + u_char dest_hw_addr[ETH_HW_ADDR_LEN]; u_char src_hw_addr[ETH_HW_ADDR_LEN]; u_short frame_type; u_short hw_type; @@ -47,8 +49,8 @@ u_short op; u_char sndr_hw_addr[ETH_HW_ADDR_LEN]; u_char sndr_ip_addr[IP_ADDR_LEN]; - u_char rcpt_hw_addr[ETH_HW_ADDR_LEN]; - u_char rcpt_ip_addr[IP_ADDR_LEN]; + u_char targ_hw_addr[ETH_HW_ADDR_LEN]; + u_char targ_ip_addr[IP_ADDR_LEN]; u_char padding[18]; }; 
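Review bot: With no ninth argument the `else` branch of the `@@ -80,9 +81,22 @@` hunk in send_arp.request_reply.patch still assigns `OP_ARP_REQUEST`, but the first hunk of the same patch changes that constant from 2 to 1, so every existing five-to-eight-argument invocation silently switches from opcode 2 to opcode 1 on the wire. If that is intended, say so next to the branch, for example `/* no op argument: ARP request (1); before this patch the same call sent opcode 2 */`, and in the man page; if existing callers rely on the old packets, default to `OP_ARP_REPLY` instead. `strcasecmp` is declared in `<strings.h>`, and the include list is outside the hunk, so check that it is present. main starts and ends outside the hunk.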
@@ -58,14 +60,14 @@ int main(int argc,char** argv){ -struct in_addr src_in_addr,targ_in_addr; +struct in_addr sndr_in_addr,targ_in_addr; struct arp_packet pkt; struct sockaddr sa; +int sock; char *c; int n; -int sock; -if(argc != 5 && argc !=6)die(usage); +if(argc < 5 || argc > 8) die(usage); sock=socket(AF_INET,SOCK_PACKET,htons(ETH_P_RARP)); if(sock<0){ @@ -80,20 +82,30 @@ pkt.prot_addr_size = IP_ADDR_LEN; pkt.op=htons(OP_ARP_REQUEST); +if ( argc == 8 ) { + get_hw_addr(pkt.dest_hw_addr,argv[7]); +} else { + get_hw_addr(pkt.dest_hw_addr,argv[4]); +} + +if ( argc >= 7 ) { + get_hw_addr(pkt.src_hw_addr,argv[6]); +} else { + get_hw_addr(pkt.src_hw_addr,argv[2]); +} + get_hw_addr(pkt.targ_hw_addr,argv[4]); -get_hw_addr(pkt.rcpt_hw_addr,argv[4]); -get_hw_addr(pkt.src_hw_addr,argv[2]); get_hw_addr(pkt.sndr_hw_addr,argv[2]); -get_ip_addr(&src_in_addr,argv[1]); +get_ip_addr(&sndr_in_addr,argv[1]); get_ip_addr(&targ_in_addr,argv[3]); -memcpy(pkt.sndr_ip_addr,&src_in_addr,IP_ADDR_LEN); -memcpy(pkt.rcpt_ip_addr,&targ_in_addr,IP_ADDR_LEN); +memcpy(pkt.sndr_ip_addr,&sndr_in_addr,IP_ADDR_LEN); +memcpy(pkt.targ_ip_addr,&targ_in_addr,IP_ADDR_LEN); bzero(pkt.padding,18); -if (argc!=6) { +if (argc==5) { strcpy(sa.sa_data,DEFAULT_DEVICE); } else { if ((c=strchr(argv[5], ':'))) { fake-1.1.11/send_arp.patch0000600001567400156740000000240511225055712014374 0ustar hormshormsdiff -uN send_arp.orig/Makefile send_arp/Makefile --- send_arp.orig/Makefile Wed Dec 31 19:00:00 1969 +++ send_arp/Makefile Thu Oct 29 15:40:47 1998 
@@ -0,0 +1,35 @@ +###################################################################### +# Makefile for send_arp October 1998 +# horms horms@vergenet.net +# +# +# Freely distributable under the terms of the +# GNU General Public License +# +# Note: send_arp was written by: +# yuri volobuev'97 +# volobuev@t1.chem.umn.edu +# +# +# This make file is included to help automation of installation +# +###################################################################### + +ROOT_DIR= +SRC=send_arp.c +BIN=send_arp +BIN_DIR=$(ROOT_DIR)/usr/sbin + +.PHONY: all install clean + +all: $(BIN) + +$(BIN): $(SRC) + $(CC) $(SRC) -o $(BIN) + +clean: + rm -f $(BIN) core $(SRC).* + +install: + mkdir -p $(BIN_DIR) + cp $(BIN) $(BIN_DIR) diff -uN send_arp.orig/send_arp.c send_arp/send_arp.c --- send_arp.orig/send_arp.c Thu Oct 29 15:56:46 1998 +++ send_arp/send_arp.c Thu Oct 29 15:20:43 1998 @@ -21,7 +21,6 @@ #include #include #include -#include #include #include
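Review bot: The `$(BIN)` rule in the new send_arp/Makefile compiles with `$(CC) $(SRC) -o $(BIN)` and therefore drops `CFLAGS`, `CPPFLAGS` and `LDFLAGS`, so hardening and optimisation flags chosen by a packager never reach this binary; fake.spec builds with `make CFLAGS="$RPM_OPT_FLAGS -s"`, which presumably is meant to apply here. Use `$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $< -o $@`. The `install` target has no prerequisite and uses `cp`, so it can fail on a clean tree and leaves the mode of a root-run tool to the caller's umask; `install: $(BIN)` with `install -m 0755 $(BIN) $(BIN_DIR)` makes both explicit.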