Ok. Juggernaut goes out, and the bug reports roll in. I am sure this is
probably just the first of several updates, but I wanted to get this out
ASAP. As always, comments appreciated.
Fixed in the 1.1 patchfile:
Connection spying now correctly isolates TCP circuits
Connection RSTing now resets better.
The interface drops the promiscuous mode flag upon exiting
Thanks to Sandu Mihai and techs@obfuscation.org.
To patch the source files:
cd Juggernaut
extract filename_containing_patch
make clean
patch < juggernaut1.0-1.1.patch
make
If the patch fails:
If the patch fails when patching net.c, it is because the extraction
utility adds about 10 CR's starting around line 280. Simply find the
closing paren 10 lines down and bring it up to the end of the first fprintf
line so it looks something like this:
if(fp){
fprintf(fp,"\n-- [....] ,ntohs(target->dport));
time(&tp); ^^
this guy goes here.
If this fails, either patch it by hand (it's really not that much) or mail
me and I will send you the updated source file.
- route [4.15.97]
<++> juggernaut1.0-1.1.patch
- --- main.c.old Tue Apr 15 10:08:05 1997
+++ NumberOneCrush/main.c Tue Apr 15 10:09:06 1997
@@ -42,7 +42,7 @@
#define DEVICE "eth0"
#define LOGFILE "./juggernaut.log.spy"
- -char version[]="1.0\0";
+char version[]="1.1\0";
int sigsentry=1; /* Signal sentry */
int ripsock=0; /* RIP socket */
int linksock=0; /* SOCK PACKET socket */
- --- net.c Tue Apr 15 10:30:47 1997
+++ NumberOneCrush/net.c Tue Apr 15 10:31:48 1997
@@ -92,13 +92,14 @@
* mode.
*/
- -int tap(device)
+int tap(device,mode)
char *device;
+int mode;
{
int fd;
struct ifreq ifr; /* Link-layer interface request structure */
- - /* Ethernet code for IP 0x800==ETH_P_IP */
+ /* Ethernet code for IP 0x0800==ETH_P_IP */
if((fd=socket(AF_INET,SOCK_PACKET,htons(ETH_P_IP)))<0){
if(verbosity)perror("(tap) SOCK_PACKET allocation problems [fatal]");
exit(1);
@@ -109,16 +110,22 @@
close(fd);
exit(1);
}
- - ifr.ifr_flags|=IFF_PROMISC; /* Set promiscuous mode */
+ if(!mode)ifr.ifr_flags^=IFF_PROMISC; /* Unset promiscuous mode */
+ else ifr.ifr_flags|=IFF_PROMISC; /* Set promiscuous mode */
if((ioctl(fd,SIOCSIFFLAGS,&ifr))<0){ /* Set flags */
- - if(verbosity)perror("(tap) Can't set promiscuous mode [fatal]");
+ if(verbosity)perror("(tap) Can't set/unset promiscuous mode [fatal]");
close(fd);
exit(1);
}
- - return(fd);
+ if(!mode){
+ close(fd);
+ return(0);
+ }
+ else return(fd);
}
+
/*
* Gimme a raw-IP socket. Use of IP_HDRINCL is automatic with 2.0.x
* kernels. Not sure about 1.2.x
@@ -261,7 +268,7 @@
void dumpp(char *,int,FILE *);
extern int sigsentry;
- - int tlinksock=tap(DEVICE); /* Spying tap. XXX- Really dumb way to do this... */
+ int tlinksock=tap(DEVICE,1); /* Spying tap. XXX- Really dumb way to do this... */
time_t tp;
ALIGNNETPOINTERS();
@@ -273,7 +280,7 @@
fprintf(fp,": Log started:\t\t%s---------------------------------------------------------------------\n",ctime(&tp));
}
/* NO alaram timeout here. SIGINT kills our spy session */
- - while(sigsentry)if(recv(tlinksock,&epack,sizeof(epack),0))if(iphp->protocol==IPPROTO_TCP)if(iphp->saddr==target->daddr&&tcphp->source==target->dport)dumpp(epack.payload-2,htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epack.tcp),fp);
+ while(sigsentry)if(recv(tlinksock,&epack,sizeof(epack),0))if(iphp->protocol==IPPROTO_TCP)if(iphp->saddr==target->daddr && iphp->saddr==target->daddr && tcphp->dest==target->sport)dumpp(epack.payload-2,htons(iphp->tot_len)-sizeof(epack.ip)-sizeof(epack.tcp),fp);
if(fp){
fprintf(fp,"\n---------------------------------------------------------------------\n: Juggernaut connection spy log trailer\n: %s [%d]\t-->\t %s [%d]\n",hostLookup(target->saddr),ntohs(target->sport),hostLookup(target->daddr),ntohs(target->dport));
@@ -337,8 +344,8 @@
unsigned short tlen;
}*ppheader;
- - static int moot=0;
- - int tlinksock=tap(DEVICE);
+ int moot=0;
+ int tlinksock=tap(DEVICE,1);
ALIGNNETPOINTERS();
@@ -441,7 +448,7 @@
extern int ripsock;
extern int acrstpid;
char *tempBuf=0;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
switch((acrstpid=fork())){ /* Drop a child to backround, return the
parent to continue */
@@ -560,7 +567,7 @@
extern int netreadtimeout;
static int len;
char *tempBuf;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
ALIGNNETPOINTERS();
@@ -665,7 +672,7 @@
extern int netreadtimeout;
extern int sigsentry;
static int len;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
ALIGNNETPOINTERS();
@@ -789,7 +796,7 @@
int grabflag=0; /* Time to grab some packets */
unsigned long targetsourceip=0;
unsigned short targetsourceport=0;
- - int tlinksock=tap(DEVICE);
+ int tlinksock=tap(DEVICE,1);
if(!(fp=fopen(SNIFLOG,"a+"))){ /* Log to file */
if(verbosity){
- --- surplus.c.old Tue Apr 15 10:08:05 1997
+++ NumberOneCrush/surplus.c Tue Apr 15 10:04:59 1997
@@ -29,6 +29,7 @@
#define HELPFILE "./ClothLikeGauze/.help"
#define FBUFSIZE 80
#define MINIBUF 10
+#define DEVICE "eth0"
extern int verbosity;
@@ -346,6 +347,7 @@
void cleanexit(){
void powerdown();
+ int tap(char *,int);
extern int ripsock;
extern int hpid;
@@ -353,6 +355,7 @@
close(ripsock);
powerdown();
+ tap(DEVICE,0); /* Unset promisc mode on the interface */
if(kill(hpid,SIGUSR1))if(verbosity){ /* Send signal to the hunter */
perror("(cleanexit) Could not signal hunter");
fprintf(stderr,"[cr]");
<--> juggernaut1.0-1.1.patch
EOF
- --
[human acquiescence is as easily obtained by terror as by temptation]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBM1O/1AtXkSokWGapAQEuSQQAj4pAwtVMCfqtMBoqJXGGVbpbyKRp+F6E
Fv7tEw167kfD/8/lDiEzXXfO97BTPieVDqyrq50DGo5Rd2CJL1ntUUv6Y6qRDg7e
cqaHNFyhmoVnpElqFhUng1gGJjttEUXKQGJdWnGNrtkMJlfB/Ydl8ligWCto8uIJ
Kig1GrzurIU=
=zk/f
-----END PGP SIGNATURE-----