exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

fbsdnospoof.c

fbsdnospoof.c
Posted May 4, 2000
Authored by s0ftpj, Pigpen | Site s0ftpj.org

Anti-spoofing lkm for FreeBSD via setsockopt() - detects and logs IP header manipulation.

tags | spoof
systems | freebsd
SHA-256 | 6767ad2628aeb75102b54f33c88228bce7c4be5f07f5cbae3e4f3913921460c4

fbsdnospoof.c

Change Mirror Download
/*
* Name: ANTi SP00FiNG VIA SETSOCKOPT() ( fbsdnospoof.c )
* Date: Fri Feb 18 14:45:01 2000
* Author: pIGpEN [pigpen@s0ftpj.org, deadhead@sikurezza.org]
*
* SoftProject Digital Security for Y2K (www.s0ftpj.org)
* Sikurezza.org Italian Security MailingList (www.sikurezza.org)
*
* COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
* Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
*
* Tested on: FreeBSD 4.0-19990705-CURRENT FreeBSD 4.0-19990705-CURRENT #6 i386
* FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #0: Tue Dec i386
*
* Thanks to: del0rean / s0ftPj for cd with 3.4 release
* Lynyrd Skynyrd for Sweet Home Alabama
*
* Use a kld Makefile.. ( put in append )
*/

/*
* This kld detects type of ip spoofing based on setsockopt()... with IP_HDRINCL
* It works monitoring setsockopt() system call
*
* example of detection:
*
* ./DoS -s 666.666.666.666 -d 192.168.1.4
* IP_HDRINCL: Invalid argument
*
* syslog:
*
* Feb 18 14:44:25 storpio /kernel: Detect IP_HDRINCL invoked by d0s
* Feb 18 14:44:25 storpio /kernel: IP header manipulation... DENIED!
*
*/

/*
* Define DONT_PERMIT -> if you want to forbid IP header manipulation
* and so the chance of IP Spoofing from your
* BOX
*/

#define DONT_PERMIT

#include <sys/types.h>
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <sys/syscall.h>
#include <sys/sysent.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/socket.h>
#include <sys/socketvar.h>

#include <sys/syslog.h>
#include <sys/file.h>

#include <netinet/in.h> /* IP_HDRINCL */




static int
my_setsockopt __P((struct proc *, register struct setsockopt_args *));

static int
my_setsockopt(p, uap)
struct proc *p;
register struct setsockopt_args *uap;
{
struct file *fp;
struct sockopt sopt;
int error;

if (uap->val == 0 && uap->valsize != 0)
return (EFAULT);
if (uap->valsize < 0)
return (EINVAL);

error = getsock(p->p_fd, uap->s, &fp);
if (error)
return (error);


if((uap->level == IPPROTO_IP) && (uap->name == IP_HDRINCL)) {
log(LOG_INFO, "Detect IP_HDRINCL invoked by %s\n", p->p_comm);
#ifdef DONT_PERMIT
log(LOG_INFO, "IP header manipulation... DENIED!\n");
return (EINVAL);
#endif
}

sopt.sopt_dir = SOPT_SET;
sopt.sopt_level = uap->level;
sopt.sopt_name = uap->name;
sopt.sopt_val = uap->val;
sopt.sopt_valsize = uap->valsize;
sopt.sopt_p = p;

return (sosetopt((struct socket *)fp->f_data, &sopt));

}



static int
module_handler(module_t mod, int cmd, void *arg) {

switch(cmd) {
case MOD_LOAD:
sysent[SYS_setsockopt].sy_call = (sy_call_t *) my_setsockopt;
break;

case MOD_UNLOAD:
sysent[SYS_setsockopt].sy_call = (sy_call_t *) setsockopt;
break;
}

return 0;
}

static moduledata_t SetSock = {
"SetSockOpt",
module_handler,
NULL
};

DECLARE_MODULE(SetSockOpt, SetSock, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);

/* Makefile for this kld...

# SoftProject 2000 - Digital Sekurity for Y2k
# Sikurezza.org - Italian Security MailingList
#
# COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
# Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
#
# Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #3: Thu Mar i386
# < pigpen@s0ftpj.org >

.PATH: /sys/kern
SRCS = fbsdnospoof.c
CFLAGS+= -I/sys
KMOD = nospoof
NOMAN = t
KLDMOD = t

KLDLOAD = /sbin/kldload
KLDUNLOAD = /sbin/kldunload

CLEANFILES+= ${KMOD}

load:
${KLDLOAD} -v ./${KMOD}

unload:
${KLDUNLOAD} -v -n ${KMOD}

.include <bsd.kmod.mk>

*/
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close