ISIC - IP stack integrity checker

2000-01-24 19:58:17 +00:00 · 2000-01-24 19:58:17 +00:00 · 09e6aa5694
commit 09e6aa5694
parent 440a24bd79
13 changed files with 307 additions and 0 deletions
--- a/security/isic/Makefile
+++ b/security/isic/Makefile
@ -0,0 +1,24 @@
+# Makefile for:		isic
+# Version required:	0.04
+# Date created:		24 Jan 2000
+# Whom:			dugsong@monkey.org
+#
+# $OpenBSD: Makefile,v 1.1.1.1 2000/01/24 19:58:17 dugsong Exp $
+
+DISTNAME=	isic-0.04
+
+CATEGORIES=	security
+
+MASTER_SITES=	http://expert.cc.purdue.edu/~frantzen/
+
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	dugsong@monkey.org
+
+BUILD_DEPENDS=	${PREFIX}/lib/libnet.a:${PORTSDIR}/net/libnet
+
+WRKSRC=		${WRKDIR}/isic
+
+USE_AUTOCONF=	yes
+
+.include <bsd.port.mk>
--- a/security/isic/files/md5
+++ b/security/isic/files/md5
@ -0,0 +1,3 @@
+MD5 (isic-0.04.tgz) = d70ebe0511307750a253b741671f6038
+RMD160 (isic-0.04.tgz) = b62a68a8f1370293c5d0162c8075e5f636660ef3
+SHA1 (isic-0.04.tgz) = e24454f12da9c2ec839ac1e809001e78de74319a
--- a/security/isic/patches/patch-aa
+++ b/security/isic/patches/patch-aa
@ -0,0 +1,12 @@
+--- configure.in.orig	Tue Dec  7 16:09:04 1999
+++ configure.in	Mon Jan 24 14:18:20 2000
+@@ -4,7 +4,8 @@
+ AC_PROG_INSTALL
+ 
+ dnl Bah.... Quick hack to fine libnet
+-AC_CHECK_FILE(/usr/local/lib/libnet.a, [FOO=$LIBS; LIBS=-L/usr/local/lib $LIBS])
+PREFIX=/usr/local
+AC_CHECK_FILE($PREFIX/lib/libnet.a, [FOO=$LIBS; CFLAGS="$CFLAGS -I$PREFIX/include" LIBS="-L$PREFIX/lib $LIBS"])
+ AC_CHECK_FILE(/usr/lib/aout/libnet.a, [FOO=$LIBS; LIBS=-L/usr/lib/aout $LIBS])
+ AC_HAVE_LIBRARY(net, [DEFINES= ] ,
+   AC_MSG_ERROR([Cannot find libnet...  please get it from
--- a/security/isic/patches/patch-ab
+++ b/security/isic/patches/patch-ab
@ -0,0 +1,13 @@
+--- isic.h~	Tue Dec  7 16:09:04 1999
+++ isic.h	Mon Jan 24 14:20:18 2000
+@@ -7,10 +7,6 @@
+ 
+ #include <libnet.h>
+ 
+-#include <netinet/tcp.h>
+-#include <netinet/udp.h>
+-#include <netinet/ip_icmp.h>
+-
+ #include <sys/time.h>
+ #include <signal.h>
+ 
--- a/security/isic/patches/patch-ac
+++ b/security/isic/patches/patch-ac
@ -0,0 +1,38 @@
+--- isic.c.orig	Mon Jan 24 14:24:28 2000
+++ isic.c	Mon Jan 24 14:25:02 2000
+@@ -82,7 +82,7 @@
+ 			dst_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(dst_ip = name_resolve(optarg, 1))) {
+		if (!(dst_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad dest IP\n");
+ 			exit( -1 );
+ 		}
+@@ -94,7 +94,7 @@
+ 			src_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(src_ip = name_resolve(optarg, 1))) {
+		if (!(src_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad source IP\n");
+ 			exit( -1 );
+ 		}
+@@ -153,7 +153,7 @@
+ 		exit( -1 );
+ 	}
+ 
+-	if ( (sock = open_raw_sock(IPPROTO_RAW)) == -1 ) {
+	if ( (sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1 ) {
+ 		perror("socket: ");
+ 		exit(EXIT_FAILURE);
+ 	}
+@@ -237,7 +237,7 @@
+  		 
+ 		if ( skip <= acx ) {
+ 			for ( cx = 0; cx < repeat; cx++ ) {
+-				c = write_ip(sock, buf, IP_H + payload_s);
+				c = libnet_write_ip(sock, buf, IP_H + payload_s);
+ 				datapushed+=c;
+ 			}
+ 	/*  This is way too noisy!
--- a/security/isic/patches/patch-ad
+++ b/security/isic/patches/patch-ad
@ -0,0 +1,47 @@
+--- icmpsic.c.orig	Tue Dec  7 16:09:04 1999
+++ icmpsic.c	Mon Jan 24 14:27:21 2000
+@@ -79,7 +79,7 @@
+ 			dst_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(dst_ip = name_resolve(optarg, 1))) {
+		if (!(dst_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad dest IP\n");
+ 			exit( -1 );
+ 		}
+@@ -91,7 +91,7 @@
+ 			src_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(src_ip = name_resolve(optarg, 1))) {
+		if (!(src_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad source IP\n");
+ 			exit( -1 );
+ 		}
+@@ -156,7 +156,7 @@
+ 		exit( -1 );
+ 	}
+ 
+-	if ( (sock = open_raw_sock(IPPROTO_RAW)) == -1 ) {
+	if ( (sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1 ) {
+ 		perror("socket: ");
+ 		exit(EXIT_FAILURE);
+ 	}
+@@ -258,7 +258,7 @@
+ 
+ 		if ( rand() <= (RAND_MAX * ICMPCksm) )
+ 			icmp->icmp_cksum = rand() & 0xffff;
+-		else	do_checksum(buf, IPPROTO_ICMP, 4 + payload_s);
+		else	libnet_do_checksum(buf, IPPROTO_ICMP, 4 + payload_s);
+ 
+ 
+ 
+@@ -273,7 +273,7 @@
+ 		
+ 		if ( skip <= acx ) {
+ 			for ( cx = 0; cx < repeat; cx++ ) {
+-				c = write_ip(sock, buf, packet_len);
+				c = libnet_write_ip(sock, buf, packet_len);
+ 				datapushed+=c;
+ 			}
+ 			if (c != (packet_len) ) {
--- a/security/isic/patches/patch-ae
+++ b/security/isic/patches/patch-ae
@ -0,0 +1,47 @@
+--- tcpsic.c.orig	Tue Dec  7 16:09:04 1999
+++ tcpsic.c	Mon Jan 24 14:26:00 2000
+@@ -91,7 +91,7 @@
+ 			dst_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(dst_ip = name_resolve(optarg, 1))) {
+		if (!(dst_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad dest IP\n");
+ 			exit( -1 );
+ 		}
+@@ -109,7 +109,7 @@
+ 			src_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(src_ip = name_resolve(optarg, 1))) {
+		if (!(src_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad source IP\n");
+ 			exit( -1 );
+ 		}
+@@ -180,7 +180,7 @@
+ 		exit( -1 );
+ 	}
+ 
+-	if ( (sock = open_raw_sock(IPPROTO_RAW)) == -1 ) {
+	if ( (sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1 ) {
+ 		perror("socket: ");
+ 		exit(EXIT_FAILURE);
+ 	}
+@@ -302,7 +302,7 @@
+ 				(u_int16_t) payload[cx] = rand() & 0xffff;
+ 
+ 		if ( rand() <= (RAND_MAX * TCPCksm) )
+-			do_checksum(buf, IPPROTO_TCP, (tcp->th_off << 2)
+			libnet_do_checksum(buf, IPPROTO_TCP, (tcp->th_off << 2)
+ 						+ payload_s);
+ 		else	tcp->th_sum = rand() & 0xffff;
+ 		
+@@ -318,7 +318,7 @@
+  		 
+ 		if ( skip <= acx ) {
+ 			for ( cx = 0; cx < repeat; cx++ ) {
+-				c = write_ip(sock, buf, packet_len);
+				c = libnet_write_ip(sock, buf, packet_len);
+ 				datapushed+=c;
+ 			}
+ 			if (c < (packet_len) ) {
--- a/security/isic/patches/patch-af
+++ b/security/isic/patches/patch-af
@ -0,0 +1,44 @@
+--- udpsic.c.orig	Tue Dec  7 16:09:04 1999
+++ udpsic.c	Mon Jan 24 14:26:16 2000
+@@ -89,7 +89,7 @@
+ 			dst_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(dst_ip = name_resolve(optarg, 1))) {
+		if (!(dst_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad dest IP\n");
+ 			exit( -1 );
+ 		}
+@@ -107,7 +107,7 @@
+ 			src_ip_rand = 1;
+ 			break;
+ 		}
+-		if (!(src_ip = name_resolve(optarg, 1))) {
+		if (!(src_ip = libnet_name_resolve(optarg, 1))) {
+ 			fprintf(stderr, "Bad source IP\n");
+ 			exit( -1 );
+ 		}
+@@ -172,7 +172,7 @@
+ 		exit( -1 );
+ 	}
+ 
+-	if ( (sock = open_raw_sock(IPPROTO_RAW)) == -1 ) {
+	if ( (sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1 ) {
+ 		perror("socket: ");
+ 		exit(EXIT_FAILURE);
+ 	}
+@@ -288,12 +288,12 @@
+ 		
+ 		if ( rand() <= (RAND_MAX * UDPCksm) )
+ 			udp->uh_sum = rand() & 0xffff;
+-		else	do_checksum(buf, IPPROTO_UDP, UDP_H + payload_s);
+		else	libnet_do_checksum(buf, IPPROTO_UDP, UDP_H + payload_s);
+ 
+  		 
+ 		if ( skip <= acx ) {
+ 			for ( cx = 0; cx < repeat; cx++ ) {
+-				c = write_ip(sock, buf, packet_len);
+				c = libnet_write_ip(sock, buf, packet_len);
+ 				datapushed+=c;
+ 			}
+ 			if (c < (packet_len) ) {
--- a/security/isic/patches/patch-ag
+++ b/security/isic/patches/patch-ag
@ -0,0 +1,28 @@
+--- Makefile.in.orig	Mon Dec 27 00:15:04 1999
+++ Makefile.in	Mon Jan 24 14:50:27 2000
+@@ -2,6 +2,8 @@
+ # To build for Trinux, add '-static' to LDFLAGS
+ # and 'strip *sic' after they compile
+ 
+PREFIX ?= /usr/local
+
+ CC	= @CC@
+ DEFS	= @DEFS@ `libnet-config --defines`
+ CFLAGS	= @CFLAGS@ `libnet-config --cflags`
+@@ -29,7 +31,7 @@
+ icmpsic: icmpsic.c isic.h
+ 	gcc -o icmpsic icmpsic.c -Wall -W $(CFLAGS) $(DEFS) $(LIBS) $(LDFLAGS)
+ 
+-esic: esic.c esic.h
+esic: esic.c
+ 	gcc -o esic esic.c -Wall -W $(CFLAGS) $(DEFS) $(LIBS) $(LDFLAGS)
+ 
+ realclean: distclean
+@@ -43,5 +45,5 @@
+ 	tar -czvf ../isic-$(VERSION).tgz *
+ 
+ install: $(BINS)
+-	$(INSTALL) -g 0 -m 0755 -o root -d /usr/local/bin
+-	$(INSTALL) -g 0 -m 0755 -o root -c $(BINS) /usr/local/bin
+	$(INSTALL) -m 0755 -d ${PREFIX}/bin
+	$(INSTALL) -m 0755 -c $(BINS) ${PREFIX}/bin
--- a/security/isic/patches/patch-ah
+++ b/security/isic/patches/patch-ah
@ -0,0 +1,33 @@
+--- esic.c.orig	Tue Dec  7 16:09:04 1999
+++ esic.c	Mon Jan 24 14:48:15 2000
+@@ -7,9 +7,9 @@
+  * The bastards always have to take a standard and fuck with it.
+  */
+ 
+#define __GLIBC__	1	/* XXX */
+ #include <libnet.h>
+ #include <netinet/if_ether.h>
+-#include <netinet/ip.h>
+ 
+ #ifndef ETHER_FRAME_SIZE
+ # define ETHER_FRAME_SIZE 1500
+@@ -28,8 +28,8 @@
+ 	u_int16_t proto = htons(ETHERTYPE_IP);
+ 	struct ether_addr *ea = NULL;
+ 	u_int16_t *data = NULL;
+-	struct link_int *lli;
+-	u_char dev[128] = "";
+	struct libnet_link_int *lli;
+	char dev[128] = "";
+ 	u_char *buf = NULL;
+ 	int proto_rand = 0;
+ 	struct timeval tv, tv2;
+@@ -136,7 +136,7 @@
+ 	bzero(buf, ETHER_FRAME_SIZE);
+ 	ether = (struct ether_header *) buf;
+ 
+-	if ( (lli = open_link_interface(dev, errtxt)) == NULL) {
+	if ( (lli = libnet_open_link_interface(dev, errtxt)) == NULL) {
+ 		printf("Failed to open link layer:  %s\n", errtxt);
+ 		free( buf );
+ 		exit( -1 );
--- a/security/isic/pkg/COMMENT
+++ b/security/isic/pkg/COMMENT
@ -0,0 +1 @@
+IP stack integrity checker
--- a/security/isic/pkg/DESCR
+++ b/security/isic/pkg/DESCR
@ -0,0 +1,12 @@
+from http://expert.cc.purdue.edu/~frantzen/:
+
+IP Stack Integrity Checker
+
+Its purpose is to test the stability of an IP Stack and its component
+stacks (TCP, UDP, ICMP et. al.) It does this be generating random
+packets of the desired protocol. The packets can have tendancies. ie
+by default all packets have a 50% chance of having IP Options. The
+packets are then sent against the target machine to either penetrate
+its firewall rules or find bugs in the IP stack.
+
+-d.
--- a/security/isic/pkg/PLIST
+++ b/security/isic/pkg/PLIST
@ -0,0 +1,5 @@
+bin/isic
+bin/tcpsic
+bin/udpsic
+bin/icmpsic
+bin/esic