rdp - ICMP router discovery protocol spoofer

1999-12-05 18:20:48 +00:00 · 1999-12-05 18:20:48 +00:00 · f2410ee5d8
commit f2410ee5d8
parent 4f2c12f730
6 changed files with 73 additions and 0 deletions
--- a/security/rdp/Makefile
+++ b/security/rdp/Makefile
@ -0,0 +1,33 @@
+# Makefile for:		rdp
+# Version required:	1.0
+# Date created:		25 Nov 1999
+# Whom:			dugsong@monkey.org
+#
+# $OpenBSD: Makefile,v 1.1.1.1 1999/12/05 18:20:48 dugsong Exp $
+
+PKGNAME=	rdp-1.0
+
+CATEGORIES=	security
+
+MAINTAINER=	dugsong@monkey.org
+
+DISTNAME=	rdp
+
+MASTER_SITES=	http://www.l0pht.com/advisories/
+
+BUILD_DEPENDS=	${PREFIX}/lib/libnet.a:${PORTSDIR}/net/libnet
+
+NO_WRKSUBDIR=	yes
+
+NO_CONFIGURE=	yes
+
+do-build:
+		cd ${WRKSRC} && ${CC} ${CFLAGS} -I${PREFIX}/include -o rdp \
+		icmp_rdp.c -L${PREFIX}/lib -lnet -lpcap
+
+do-install:
+		${INSTALL_PROGRAM} ${WRKSRC}/rdp ${PREFIX}/sbin
+		${INSTALL_DATA_DIR} ${PREFIX}/share/doc/rdp
+		${INSTALL_DATA} ${WRKSRC}/rdp.advisory ${PREFIX}/share/doc/rdp
+
+.include <bsd.port.mk>
--- a/security/rdp/files/md5
+++ b/security/rdp/files/md5
@ -0,0 +1,3 @@
+MD5 (rdp.tar.gz) = bde70188286f7cfb27add92d188a2338
+RMD160 (rdp.tar.gz) = 321bb109fa5a675b713247892caca9bc9f354ccb
+SHA1 (rdp.tar.gz) = c90def3b85c35225dc2f60d3f01996beac991e69
--- a/security/rdp/patches/patch-aa
+++ b/security/rdp/patches/patch-aa
@ -0,0 +1,11 @@
+--- icmp_rdp.c.orig	Wed Nov 24 06:16:31 1999
+++ icmp_rdp.c	Wed Nov 24 06:17:32 1999
+@@ -384,7 +384,7 @@
+ 
+   memcpy(&ip_packet, packet + 14, sizeof(struct ip));
+ 
+-  return(ip_packet.ip_src._S_un._S_addr);
+  return(ip_packet.ip_src.s_addr);
+ }
+ 
+ void send_icmp_rdisc_response(int sock, struct values *value_pass){
--- a/security/rdp/pkg/COMMENT
+++ b/security/rdp/pkg/COMMENT
@ -0,0 +1 @@
+ICMP router discovery protocol spoofer
--- a/security/rdp/pkg/DESCR
+++ b/security/rdp/pkg/DESCR
@ -0,0 +1,22 @@
+from rdp.advisory:
+
+  The ICMP Router Discovery Protocol (IRDP) comes enabled by default on
+DHCP clients that are running Microsoft Windows95 (w/winsock2),
+Windows95b, Windows98, Windows98se, and Windows2000 machines.  By
+spoofing IRDP Router Advertisements, an attacker can remotely add default
+route entries on a remote system.  The default route entry added by the
+attacker will be preferred over the default route obtained from the DHCP
+server.
+
+  SunOS systems will also intentionally use IRDP under specific
+conditions. For Solaris2.6, the IRDP daemon, in.rdisc, will be started
+if the following conditions are met:
+
+		. The system is a host, not a router.
+		. The system did not learn a default gateway from a 
+		  DHCP server.
+		. The system does not have any static routes.
+		. The system does not have a valid /etc/defaultrouter
+		  file.
+
+-d.
--- a/security/rdp/pkg/PLIST
+++ b/security/rdp/pkg/PLIST
@ -0,0 +1,3 @@
+sbin/rdp
+share/doc/rdp/rdp.advisory
+@dirrm share/doc/rdp