--- irpas-0.10.orig/Makefile +++ irpas-0.10/Makefile @@ -1,8 +1,12 @@ # IRPAS Makefile +# Inserted for Debian package +DESTDIR = +BIN = $(DESTDIR)/usr/bin/ +SBIN = $(DESTDIR)/usr/sbin/ + CLIBS= -lpcap -CFLAGS=-Wall -g -Wunused -Wmissing-prototypes -I. -L. \ - -I./libpcap-0.4 -L./libpcap-0.4 +CFLAGS=-Wall -g -Wunused -Wmissing-prototypes -I. -L. -Llibpcap CC=gcc RM=rm CP=cp 
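Review bot: The `CFLAGS=` line stays a hard assignment, so compiler flags supplied through the packaging environment (hardening flags, for example) are overridden unless they are passed on the make command line. Splitting the mandatory part out, e.g. `ALL_CFLAGS = -I. -L. $(CFLAGS)`, would let the defaults be replaced without losing the include and library paths. `BIN` is defined but none of the visible hunks use it. `-Llibpcap` names a directory this diff does not show; if it is a leftover of the removed bundled libpcap it can probably be dropped.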
@@ -16,94 +20,92 @@ itrace.o tctrace.o protos.o netmask.o file2cable.o dfkaa.o netenum.o \ hsrp.o icmp_redirect.o timestamp.o dhcpx.o PROGRAMS=cdp igrp ass irdp irdpresponder itrace tctrace protos \ - netmask file2cable dfkaa netenum hsrp icmp_redirect timestamp dhcpx + inetmask file2cable dfkaa netenum hsrp icmp_redirect timestamp dhcpx -all: libpc ${PROGRAMS} +all: ${PROGRAMS} -libpc: - ( cd libpcap-0.4; ./configure && make ) # programs dhcpx: dhcpx.o libpackets.a - ${CC} ${CFLAGS} -o dhcpx dhcpx.o -lpackets -lpcap + ${CC} ${CFLAGS} -o ${SBIN}dhcpx dhcpx.o -lpackets -lpcap dhcpx.o: dhcpx.c packets.h protocols.h ${CC} ${CFLAGS} -c dhcpx.c dfkaa: dfkaa.o libpackets.a - ${CC} ${CFLAGS} -o dfkaa dfkaa.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}dfkaa dfkaa.o -lpackets dfkaa.o: dfkaa.c packets.h protocols.h ${CC} ${CFLAGS} -c dfkaa.c netenum: netenum.o libpackets.a - ${CC} ${CFLAGS} -o netenum netenum.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}netenum netenum.o -lpackets netenum.o: netenum.c packets.h protocols.h enum.h ${CC} ${CFLAGS} -c netenum.c hsrp: hsrp.o libpackets.a - ${CC} ${CFLAGS} -o hsrp hsrp.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}hsrp hsrp.o -lpackets hsrp.o: hsrp.c packets.h protocols.h ${CC} ${CFLAGS} -c hsrp.c file2cable: file2cable.o libpackets.a - ${CC} ${CFLAGS} -o file2cable file2cable.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}file2cable file2cable.o -lpackets file2cable.o: file2cable.c packets.h protocols.h ${CC} ${CFLAGS} -c file2cable.c cdp: cdp.o libpackets.a - ${CC} ${CFLAGS} -o cdp cdp.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}cdp cdp.o -lpackets cdp.o: cdp.c packets.h protocols.h ${CC} ${CFLAGS} -c cdp.c igrp: igrp.o libpackets.a - ${CC} ${CFLAGS} -o igrp igrp.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}igrp igrp.o -lpackets igrp.o: igrp.c packets.h protocols.h ${CC} ${CFLAGS} -c igrp.c timestamp: timestamp.o libpackets.a - ${CC} ${CFLAGS} -o timestamp timestamp.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}timestamp timestamp.o -lpackets timestamp.o: 
timestamp.c packets.h protocols.h ${CC} ${CFLAGS} -c timestamp.c -netmask: netmask.o libpackets.a - ${CC} ${CFLAGS} -o netmask netmask.o -lpackets +inetmask: netmask.o libpackets.a + ${CC} ${CFLAGS} -o ${SBIN}inetmask netmask.o -lpackets netmask.o: netmask.c packets.h protocols.h ${CC} ${CFLAGS} -c netmask.c itrace: itrace.o libpackets.a - ${CC} ${CFLAGS} -o itrace itrace.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}itrace itrace.o -lpackets itrace.o: itrace.c packets.h protocols.h ${CC} ${CFLAGS} -c itrace.c tctrace: tctrace.o libpackets.a - ${CC} ${CFLAGS} -o tctrace tctrace.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}tctrace tctrace.o -lpackets tctrace.o: tctrace.c packets.h protocols.h ${CC} ${CFLAGS} -c tctrace.c protos: protos.o libpackets.a - ${CC} ${CFLAGS} -o protos protos.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}protos protos.o -lpackets protos.o: protos.c packets.h protocols.h protocol-numbers.h ${CC} ${CFLAGS} -c protos.c irdp: irdp.o libpackets.a - ${CC} ${CFLAGS} -o irdp irdp.o -lpackets + ${CC} ${CFLAGS} -o ${SBIN}irdp irdp.o -lpackets irdp.o: irdp.c packets.h protocols.h ${CC} ${CFLAGS} -c irdp.c irdpresponder: irdpresponder.o libpackets.a - ${CC} ${CFLAGS} -o irdpresponder irdpresponder.o -lpackets ${CLIBS} + ${CC} ${CFLAGS} -o ${SBIN}irdpresponder irdpresponder.o -lpackets ${CLIBS} irdpresponder.o: irdpresponder.c packets.h protocols.h ${CC} ${CFLAGS} -c irdpresponder.c icmp_redirect.o: icmp_redirect.c packets.h protocols.h ${CC} ${CFLAGS} -c icmp_redirect.c icmp_redirect: icmp_redirect.o libpackets.a - ${CC} ${CFLAGS} -o icmp_redirect icmp_redirect.o -lpackets ${CLIBS} + ${CC} ${CFLAGS} -o ${SBIN}icmp_redirect icmp_redirect.o -lpackets ${CLIBS} ass_v1.o: ass_v1.c packets.h protocols.h ${CC} ${CFLAGS} -c ass_v1.c ass: ass_v1.o libpackets.a - ${CC} ${CFLAGS} -o ass ass_v1.o -lpackets ${CLIBS} + ${CC} ${CFLAGS} -o ${SBIN}ass ass_v1.o -lpackets ${CLIBS} assS: ass_v1.o libpackets.a - ${CC} ${CFLAGS} -o assS ass_v1.o -lpackets ${CLIBS} -static + ${CC} ${CFLAGS} 
-o ${SBIN}assS ass_v1.o -lpackets ${CLIBS} -static libpackets.a: packets.o enum.o $(AR) libpackets.a packets.o enum.o @@ -114,7 +116,9 @@ clean: ${RM} -f ${OBJECTS} - ( cd libpcap-0.4; make clean ) + ${RM} -f enum.o + ${RM} -f libpackets.a + ${RM} -Rf debian/irpas realclean: ${RM} -f ${OBJECTS} ${PROGRAMS} --- irpas-0.10.orig/ass_v1.c +++ irpas-0.10/ass_v1.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "protocols.h" #include "packets.h" @@ -27,7 +28,7 @@ /* we need a sniffer enigine here */ #include -#include +#include /* definitions */ #define IPTTL 0x80 --- irpas-0.10.orig/cdp.c +++ irpas-0.10/cdp.c @@ -19,7 +19,7 @@ #include #include #include - +#include /* my stuff instead of libpacket */ #include "protocols.h" --- irpas-0.10.orig/debian/README.Debian +++ irpas-0.10/debian/README.Debian @@ -0,0 +1,6 @@ +irpas for Debian +---------------- + +Please read and obey the license in /usr/share/doc/irpas/copyright + + -- Vince Mulhollon , Mon, 16 Dec 2002 18:30:38 -0600 --- irpas-0.10.orig/debian/TODO +++ irpas-0.10/debian/TODO @@ -0,0 +1,3 @@ +To Do list for IRPAS + +finish the last half of manpages --- irpas-0.10.orig/debian/ass.1 +++ irpas-0.10/debian/ass.1 
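Review bot: Every link rule now writes `${SBIN}<name>` instead of its own target, so the file make is looking for is never created: each program relinks on every run, and `realclean` (`${RM} -f ${OBJECTS} ${PROGRAMS}`) no longer removes anything that was built. With the default empty `DESTDIR` a plain `make` links straight into `/usr/sbin/`, which needs root and overwrites installed binaries. Keeping the link step as `${CC} ${CFLAGS} -o $@ dhcpx.o -lpackets -lpcap` (likewise for the other programs and `assS`) and adding a separate `install` target that creates `${SBIN}` and copies `${PROGRAMS}` there with mode 0755 would keep compilation unprivileged and reduce the privileged step to a copy.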
@@ -0,0 +1,128 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH ASS 1 "December 16, 2002"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+ass \- autonomous system scanner
+.SH SYNOPSIS
+.B ass
+[-v[v[v]]] -i [-p] [-c] [-A] [-M] [-P IER12]
+-a -b
+[-S ] [-D ]
+[-T ]
+.SH DESCRIPTION
+This manual page documents briefly the
+.B ass
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+ASS, the autonomous system scanner, is designed to find the AS of the router.
+It supports the following protocols:
+IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF.
+.PP
+In passive mode (./ass -i eth0), it just listens to routing protocol packets (like broadcast and multicast hellos).
+.PP
+In active mode (./ass -i eth0 -A), it tries to discover routers by asking for information. This is done to the appropriate address for each protocol (either broadcast or multicast addresses). If you specify a destination address, this will be used but may be not as effective as the defaults.
+.PP
+EIGRP scanning is done differently: While scanning, ASS listens for HELLO packets and then scans the AS directly on the router who advertised himself. You can force EIGRP scanning into the same AS-Scan behavior as IGRP uses by giving a destination or into multicast scanning by the option -M.
+.PP
+For Active mode, you can select the protocols you want to scan for. If you don't select them, all are scanned. You select protcols by giving the option -P and any combination of the following chars: IER12, where:
+.PP
+I = IGRP
+.PP
+E = EIGRP
+.PP
+R = IRDP
+.PP
+1 = RIPv1
+.PP
+2 = RIPv2
+.PP
+ASS output might look a little strange, but has it's meanings:
+.PP
+Routers are identified by the sender's IP address of the packet. This may lead to several routers showing up as more then one since they used different sender interfaces. In the brackets, the protocols this router runs are shown.
+.PP
+Routing protocols are shown as one or more indented lines. First, there is the routing protocol name (like EIGRP), followed by the autonomous system number in brackets. Aligned to the right is the target network if applicable.
+.PP
+IGRP routing info shows the target network and in brackets the following values: Delay, Bandwidth, MTU, Reliability, Load and Hopcount.
+.PP
+The IRDP info is limmited to the announced gateway (router) and it's preference
+.PP
+RIPv1 info just gives you the classified target network (remember RIPv1 network boundaries) and it's metric
+.PP
+RIPv2 info contains after the target network the following infos: Netmask, next hop, arbitary tag, and the metric. An additional line may appear on the routers section that gives you the authentication if enabled in the protocol. For text auth, the password is there.
+.PP
+The basic EIGRP just gives you the autonomous system number, the IOS and EIGRP version as found in the HELLO packet
+.PP
+The EIGRP routes section depends on the type of route. All of them include the fields destination network, destination mask and in the last line (in brackets) the values for Delay, Bandwidth, MTU, Reliability, Load and Hopcount. External routes also include the originating router, the originating autonomous system, the external metric and the source of this route.
+.PP
+HSRP info is not routing, therefore the third field is the virtual IP address of the standby group, followed by the state, the auth string, Hello, Hold and priority values.
+.PP
+OSPF info includes the destination network as well as the Area in IP format, the authentication used (and, if applicable the auth string), netmask, designated and backup router and the values for Dead, Priority and Hello.
+.PP
+.SH OPTIONS
+A summary of options is included below.
+.TP
+.B \-h
+Show summary of options.
+.TP
+.B \-i
+interface
+.TP
+.B \-v
+verbose mode
+.TP
+.B \-A
+Active mode scanning
+.TP
+.B \-P
+Select protocols to scan
+.TP
+.B \-M
+EIGRP systems are scanned using the multicast
+address and not by HELLO enumeration and
+direct query
+.TP
+.B \-a
+autonomous system to start from
+.TP
+.B \-b
+autonomous system to stop with
+.TP
+.B \-S
+maybe you need this
+.TP
+.B \-D
+If you don't specify this, the appropriate
+address per protocol is used
+.TP
+.B \-p
+don't run in promiscuous mode (bad idea)
+.TP
+.B \-c
+terminate after scanning. This is not
+recommened since answers may arrive later and
+you could see some traffic that did not show
+up during your scans
+.TP
+.B \-T
+how many packets should we wait some
+miliseconds (-T 1 is the slowest scan
+-T 100 begins to become unreliable)
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/cdp.1
+++ irpas-0.10/debian/cdp.1
@@ -0,0 +1,125 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH CDP 1 "January 1, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+cdp \- cdp packet generator
+.SH SYNOPSIS
+.B cdp
+-i
+[-v
+-n x
+-l x
+-c c
+-r]
+[-D
+-P
+-L
+-S
+-F
+-C ]
+.SH DESCRIPTION
+This manual page documents briefly the
+.B cdp
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+CDP is a layer 2 protocol used by Cisco routers to discover each other on the same link (segment). This protocol is not routed and therefore this tool is just usefull in the local segment.
+.PP
+CDP messages contain information about the sending Cisco router. These include the device ID (hostname), port ID (which port was the sender), the platform running on, the software incl. version, what the box is capable of and which network address (IP address) the interface has. If not configured otherwise, Cisco routers send these messages out every 30 seconds. In our case (ethernet), they are send to a special MAC address (01:00:0C:CC:CC:CC) and therefore are received from every Cisco router in the same segment. Other routers store the data and hold it for a time defined in the message (the tool uses the maximum of 255 seconds).
+.PP
+Very interesting is, that Cisco IOS uses the device ID as key to find out if the received message is an update and the neighbor is already known or not. If the device ID is to long, this test seems to fail and you constantly fill up the routers memory.
+.PP
+The CDP tool can be used in two different modi:
+.PP
+The flood mode is used to send garbage CDP messages to the wire, which has different effects to the routers depending on their IOS version. It is not tested very well, which version of IOS reacts in which way on which kind of Cisco hardware. So if you come across somthing, please report it. IOS 11.1(1) was tested and the router could match even long device idīs but rebooted after receiving three or four random device id names. Most other IOS versions just store the message and fill up the memory. When you try to debug CDP events, all IOS we tested crashed and reboot.
+.PP
+To use CDP, you have to specify the ethernet interface you will be working on: -i eth0
+.PP
+Everything else is optional.
+.PP
+-v verbose
+.PP
+-n x send x packets
+.PP
+-l x length of the device id string. Keep in mind, that the
+ whole ethernet frame has to be smaller the 1514 bytes.
+ The maximum length is therefore 1480 for the device id
+ (default is 1400)
+.PP
+-c c fills the device id with the char 'c' (default is 'A')
+.PP
+-r makes the device id a random string of characters, which
+ leads to no matching on the receiver Cisco and to memory fillup
+ or crash
+.PP
+Example:
+.PP
+./cdp -i eth0 -n 10000 -l 1480 -r
+.PP
+Hint: if you want to flood the routers completly, start two processes of cdp with different sizes. One of them running on full size (1480) to fill up the major part of the memory and another to fill up the rest with a length of 10 octets.
+.PP
+The second mode for CDP is spoofing. You can enable this mode with the command line option -m 1. It has no actuall use for attacking router and is mostly targeted fro social engineering or just to confuse the local administrator. It is used to send out 100% valid CDP infromation packets which look like generated by other Cisco routers. Here, you can specify any part of a CDP message yourself.
+.PP
+-i ethernet interface
+.PP
+-v verbose
+.PP
+-D device id string
+.PP
+-P port id string
+.PP
+-L platform string
+.PP
+-S software string
+.PP
+-F ip address of the interface
+.PP
+-C the capabilities of the device you are claiming to be:
+ R - Router, T - Trans Bridge, B - Source Route Bridge,
+ S - Switch, H - Host, I - IGMP, r - Repeater
+ Combine the letters to a string: RI means Router and IGMP
+.PP
+Example:
+./cdp -v -i eth0 -m 1 -D 'Linuxfirewall' -P 'Ethernet0' -C R \
+ -L 'Intel' -S "`uname -a`" -F '10.1.1.1'
+.PP
+Which results on the cisco router in the following information:
+.PP
+cisco#sh cdp neig detail
+.PP
+-------------------------
+.PP
+Device ID: Linuxfirewall
+.PP
+Entry address(es):
+.PP
+IP address: 10.1.1.1
+.PP
+Platform: Intel, Capabilities: Router
+.PP
+Interface: Ethernet0, Port ID (outgoing port): Ethernet0
+.PP
+Holdtime : 238 sec
+.PP
+Version :
+.PP
+Linux vince 2.4.18-686 #1 Sun Apr 14 11:32:47 EST 2002 i686 unknown unknown GNU/Linux
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/changelog
+++ irpas-0.10/debian/changelog
@@ -0,0 +1,59 @@
+irpas (0.10-4.1ubuntu1) xenial; urgency=medium
+
+ * debian/rules:
+ - Remove legacy DH_COMPAT export.
+ - Don't allow $(MAKE) clean to ignore errors.
+ - Replace dh_clean -k with dh_prep.
+ - Add recommended build-arch and build-indep targets.
+ * debian/compat: Indicate compatibility level of 9.
+ * debian/control:
+ - Build-depend on debhelper (>= 9).
+ - Depend on ${misc:Depends}.
+
+ -- Logan Rosen Sat, 09 Apr 2016 12:31:55 +0000
+
+irpas (0.10-4.1) unstable; urgency=low
+
+ * NMU to unblock libpcap's transition to testing.
+ * Fix build against libpcap0.8 (closes: #480578).
+
+ -- Romain Francoise Fri, 27 Jun 2008 20:43:19 +0200
+
+irpas (0.10-4) unstable; urgency=low
+
+ * Rename netmask to inetmask to prevent conflict with package "netmask"
+ (closes: Bug#176755)
+ * Add #include to ass_v1.c, cdp.c, dhcpx.c, timestamp.c
+ irdpresponder.c, itrace.c, protos.c
+ * comment out the #endif /* _ENUM_H_ */ in enum.h
+ * comment out the #endif /* __DEBUG__ */ in packets.c
+ * comment out the #endif /* _PACKET_H_ */ in packets.h
+ * comment out the #endif /* _PROTOCOL_NUMBERS_H_ */ in protocol-numbers.h
+ * comment out #define IPPROTO_ICMP 0x01 and UDP and GRE in protocols.h
+ * comment out the #endif /* _PROTOCOLS_H_ */ in protocols.h
+ * Thanks to Cristian Ionescu-Idbohrn for these above patches
+
+ -- Vince Mulhollon Tue, 21 Jan 2003 16:46:20 -0600
+
+irpas (0.10-3) unstable; urgency=low
+
+ * Fixed typo in README.Debian (now points to correct directory)
+ (closes: Bug#175116)
+ * More manpages written. itrace, tctrace, netmask
+
+ -- Vince Mulhollon Mon, 13 Jan 2003 18:47:33 -0600
+
+irpas (0.10-2) unstable; urgency=low
+
+ * New copyright file, upstream explicitly allows redistribution.
+ (closes: Bug#174107)
+ * Wrote and added about 1/2 of the manpages.
+
+ -- Vince Mulhollon Wed, 1 Jan 2003 09:26:33 -0600
+
+irpas (0.10-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Vince Mulhollon Mon, 16 Dec 2002 18:30:38 -0600
+
--- irpas-0.10.orig/debian/compat
+++ irpas-0.10/debian/compat
@@ -0,0 +1 @@
+9
--- irpas-0.10.orig/debian/control
+++ irpas-0.10/debian/control
@@ -0,0 +1,44 @@
+Source: irpas
+Section: non-free/net
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Vince Mulhollon
+Build-Depends: debhelper (>= 9), libpcap-dev
+Standards-Version: 3.5.8.0
+
+Package: irpas
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: Internetwork Routing Protocol Attack Suite
+ Despite the "exciting" title this is merely a collection of programs
+ used for advanced network operations, testing, and debugging.
+ .
+ CDP and the route injectors can be useful in a production network.
+ Several other tools are useful for security and firewall testing.
+ Finally some tools such as netenum are useful for general admin
+ scripting.
+ .
+ Like all powerful tools, someone whom is terminally stupid could
+ cause great damage when using these tools, so be careful.
+ .
+ cdp - Cisco discovery protocol packet sender
+ igrp - IGRP route injector
+ ass - Autonomous system scanner
+ irdp - IRDP sender
+ irdpresponder - IRDP responder
+ itrace - ICMP based traceroute
+ tctrace - TCP SYN based traceroute
+ protos - ICMP based port scanner
+ netmask - Asks for netmask via ICMP
+ file2cable - Dumps any binary file direct to ethernet
+ dfkaa - Troubleshoot devices formerly known as Ascend (Pipeline, etc)
+ netenum - Ping scanner designed for shell scripts
+ hsrp - HSRP failover tester
+ icmp_redirect - ICMP redirection system
+ timestamp - ICMP timestamp requester
+ dhcpx - DHCP server "exerciser"
+ .
+ I placed this program in "non-free" because per the license:
+ 1) A developer is required to get written permission to use code
+ from IRPAS in derivative works
+ 2) Users are barred from using this software for illegal purposes
--- irpas-0.10.orig/debian/copyright
+++ irpas-0.10/debian/copyright
@@ -0,0 +1,44 @@
+This package was debianized by Vince Mulhollon on
+Mon, 16 Dec 2002 18:30:38 -0600.
+
+It was downloaded from: http://www.phenoelit.de/irpas/download.html
+
+Upstream Author: fx@phenoelit.de
+
+Copyright:
+
+Phenoelit License
+
+Phenoelit tools and all components and concepts included are copyright
+by FX (c) 2000, 2001
+The software is free for non-commercial use. It may be modified and used
+as it is, or parts of it, in any free software project, if the following
+notice is included in the documentation and source code:
+
+"This free software uses code and/or concepts developed by Phenoelit
+(http://www.phenoelit.de) with the permission of the original developers."
+
+Commercial applications making use of the code, part of the code or concepts
+provided in the software or documents are required to obtain a written
+permission from the original developer. Such permission can be obtained
+from FX uppon request.
+
+Use of this software is not limmited. It may be used for commercial or
+non-commercial purposes. Donations, especially hardware such as routers
+are very welcome, but not required.
+
+Redistribution, when access to the redistribution is for free or is a fee
+to cover cost of production is allowed. Reselling the software is considered
+an commercial application
+
+This program comes as it is. Use it at your own risk. This is software
+with ABSOLUTELY NO WARRANTY. This program is distributed in the hope that
+it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+warranty of FITNESS FOR A PARTICULAR PURPOSE.
+
+Phenoelit and itīs developers are not responsible for what the user does
+with help of our software. THE USER MUST NOT USE SOFTWARE OBTAINED FROM
+PHENOELIT FOR ILLEGAL ACTIONS.
+
+By downloading and / or using our software, you agree with these terms of use.
+
--- irpas-0.10.orig/debian/dirs
+++ irpas-0.10/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/sbin
--- irpas-0.10.orig/debian/docs
+++ irpas-0.10/debian/docs
@@ -0,0 +1 @@
+debian/upstream.txt
--- irpas-0.10.orig/debian/file2cable.1
+++ irpas-0.10/debian/file2cable.1
@@ -0,0 +1,39 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH FILE2CABLE 1 "January 1, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+file2cable \- sends a file as a raw ethernet frame
+.SH DESCRIPTION
+This manual page documents briefly the
+.B file2cable
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+This tool is perfect to find new vulnerabilities and test concepts. It sends out any binary file as Ethernet frame - AS IT IS. So make sure you know what you do. Hint: use xxd from the vim package to produce the binary file from hex dumps.
+.PP
+Usage:
+.PP
+-v verbose (hex dump to screen)
+.PP
+-i interface
+.PP
+-f the file you want to send
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/igrp.1
+++ irpas-0.10/debian/igrp.1
@@ -0,0 +1,71 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH IGRP 1 "January 1, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+igrp \- igrp route injector
+.SH SYNOPSIS
+.B igrp
+-i
+-v
+-f
+-a
+-S
+-D
+.SH DESCRIPTION
+This manual page documents briefly the
+.B igrp
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+IGRP is a tool for route injection. The routing protocol IGRP is no longer really widely used in the outside world, but for the first steps, we decided to use this one as a starting point.
+.PP
+The whole purpose is to define a routing table with all possible parameters by hand without having your system actually running any kind of dynamic routing and sending this information out to the routers.
+Since IGRP is a broadcast based protocol, the default behavior is to send these messages to the ip broadcast address (255.255.255.255). If you want to inject a route to a system remote from you, you have to address the 'update' accordingly and make sure that you send the packet(s) with the right source address, so the router accepts the update.
+.PP
+Before using the tool, you have to design your routing table you want to inject in the target router. It should contain data which makes your route the prefered one for the victim. The format is:
+.PP
+destination:delay:bandwith:mtu:reliability:load:hopcount
+.PP
+where destination is the network (192.168.1.0), delay is in ms/10, bandwith in MBit per second, MTU is the maximum transfer unit (1500 for ethernet), reliability and load are in percent (255=100%, 1=0%) and hopcount just in hops.
+.PP
+Empty lines and lines beginning with # are ignored.
+.PP
+-i interface
+.PP
+-v verbose
+.PP
+-f file, which contains the routes (as much as you like)
+.PP
+-a autonomous system the IGRP process is running
+on, use ASS to find it out or specify a
+range to use with -a START -b STOP to send
+updates to all AS from START to STOP
+(I highly recommend using ASS for this!!)
+.PP
+-S maybe you need this
+.PP
+-D If you don't specify this, the broadcast
+address is used
+.PP
+If you want the routes to be persistent (after some testing around), make
+up a shell loop and run the program within this loop every 25-30 seconds,
+to keep the router beliving your routes.
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/inetmask.1
+++ irpas-0.10/debian/inetmask.1
@@ -0,0 +1,35 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH INETMASK 1 "January 21, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+inetmask \- ask for the netmask via ICMP
+.SH DESCRIPTION
+This manual page documents briefly the
+.B inetmask
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+inetmask asks for the netmask by ICMP.
+.PP
+Usage:
+.PP
+inetmask -d destination -t timeout
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/irdp.1
+++ irpas-0.10/debian/irdp.1
@@ -0,0 +1,43 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH IRDP 1 "January 1, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+irdp \- irdp packet sender
+.SH DESCRIPTION
+This manual page documents briefly the
+.B irdp
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+This tool sends out IRDP responses. Nothing else ;)
+.PP
+Usage:
+.PP
+-i interface
+.PP
+-p preference of this entry, default is 0
+.PP
+-l lifetime of the entry, default: 1800
+.PP
+-S maybe you need this
+.PP
+-D If you don't specify this, the broadcast address is used
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/irdpresponder.1
+++ irpas-0.10/debian/irdpresponder.1
@@ -0,0 +1,43 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH IRDPRESPONDER 1 "January 1, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+irdpresponder \- irdpresponder packet sender
+.SH DESCRIPTION
+This manual page documents briefly the
+.B irdpresponder
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+-v verbose
+.PP
+-P enable promiscuous mode
+.PP
+-i interface
+.PP
+-p preference of this entry, default is 0
+.PP
+-l lifetime of the entry, default: 1800
+.PP
+-S maybe you need this
+.PP
+-D If you don't specify this, the broadcast address is used
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/irpas.manpages
+++ irpas-0.10/debian/irpas.manpages
@@ -0,0 +1,9 @@
+debian/ass.1
+debian/cdp.1
+debian/igrp.1
+debian/irdp.1
+debian/irdpresponder.1
+debian/file2cable.1
+debian/itrace.1
+debian/tctrace.1
+debian/inetmask.1
--- irpas-0.10.orig/debian/itrace.1
+++ irpas-0.10/debian/itrace.1
@@ -0,0 +1,53 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH ITRACE 1 "January 13, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+itrace \- similar to traceroute, yet uses ICMP echo
+.SH DESCRIPTION
+This manual page documents briefly the
+.B itrace
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+Itrace is a program that implements traceroute(1) functionality using ICMP echo request packets.
+.PP
+Therefore, it looks like you are just pinging your target while you traceroute there.
+.PP
+It often helps tracing behind firewalls.
+.PP
+Typical Usage:
+.PP
+itrace -i eth0 -d www.phenoelit.de
+.PP
+-v verbose
+.PP
+-n reverse lookup answering IPs (slow!)
+.PP
+-p x send x probes per hop (default=3)
+.PP
+-m x set TTL max to x (default=30)
+.PP
+-t x timout after x seconds (default=3)
+.PP
+-i interface the normal eth0 stuff
+.PP
+-d destination Name or IP of destination
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/rules
+++ irpas-0.10/debian/rules
@@ -0,0 +1,83 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+ INSTALL_PROGRAM += -s
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # Add here commands to configure the package.
+
+ touch configure-stamp
+
+
+build: build-arch build-indep
+build-arch: build-stamp
+build-indep: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+
+ # Add here commands to compile the package.
+ #$(MAKE)
+ #/usr/bin/docbook-to-man debian/irpas.sgml > irpas.1
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ # Add here commands to clean up after the build process.
+ $(MAKE) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_prep
+ dh_installdirs
+
+ # Add here commands to install the package into debian/irpas.
+ $(MAKE) DESTDIR=$(CURDIR)/debian/irpas
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs
+ dh_installexamples
+ dh_installmenu
+ dh_installman
+ dh_installinfo
+# dh_undocumented
+ dh_installchangelogs
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+# dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- irpas-0.10.orig/debian/tctrace.1
+++ irpas-0.10/debian/tctrace.1
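Review bot: In debian/rules the `build-stamp` recipe compiles nothing (`#$(MAKE)` is commented out), so the only compile is `$(MAKE) DESTDIR=$(CURDIR)/debian/irpas` in `install`, after `dh_testroot`; the compiler and linker therefore run with (fake)root privileges and write straight into the staging tree. The `CFLAGS += -g` and `INSTALL_PROGRAM += -s` set at the top are never passed to that sub-make, and the Makefile hunk earlier in this diff assigns its own `CFLAGS`, so the `DEB_BUILD_OPTIONS` handling and any distribution hardening flags appear to have no effect on binaries that send and capture raw packets. I would move compilation into `build-stamp` and give the upstream Makefile a separate install step; until then a comment above the install line such as `# compiles and links here; CFLAGS/INSTALL_PROGRAM from this file are not passed down` would at least document the behaviour.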
@@ -0,0 +1,57 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH TCTRACE 1 "January 13, 2003"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+tctrace \- similar to traceroute, yet uses TCP SYN packets
+.SH DESCRIPTION
+This manual page documents briefly the
+.B tctrace
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+TCtrace is like itrace a traceroute(1) brother - but it uses TCP SYN packets to trace.
+.PP
+This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside.
+.PP
+Typical Usage:
+.PP
+tctrace -i eth0 -d www.phenoelit.de
+.PP
+-v verbose
+.PP
+-n reverse lookup answering IPs (slow!)
+.PP
+-p x send x probes per hop (default=3)
+.PP
+-m x set TTL max to x (default=30)
+.PP
+-t x timout after x seconds (default=3)
+.PP
+-D x destination port x (default=80)
+.PP
+-S x source port x (default=1064)
+.PP
+-i interface the normal eth0 stuff
+.PP
+-d destination Name or IP of destination
+.PP
+Note there have been bugs reported on tctrace. It sometimes has a mind of its own.
+.PP
+.SH AUTHOR
+This manual page was written by Vince Mulhollon ,
+for the Debian GNU/Linux system (but may be used by others).
--- irpas-0.10.orig/debian/upstream.txt
+++ irpas-0.10/debian/upstream.txt
@@ -0,0 +1,17 @@
+How to generate a irpas_0.10.tar.gz
+
+build depends libpcap-dev
+depends on libpcap0.7
+
+mkdir irpas-0.10
+
+Download irpas_0.10.tar.gz from http://www.phenoelit.de/irpas/download.html
+
+tar -xzf irpas_0.10.tar.gz
+
+rm irpas_0.10.tar.gz
+
+rm -Rf libpcap-0.4/
+
+tar -czf irpas_0.10.orig.tar.gz irpas-0.10/
+
--- irpas-0.10.orig/dhcpx.c
+++ irpas-0.10/dhcpx.c
@@ -19,6 +19,7 @@ #include #include #include +#include #include "protocols.h" #include "packets.h"
@@ -26,7 +27,7 @@ /* we need a sniffer enigine here */ #include -#include +#include /* definitions */ #define IP_BCAST "255.255.255.255"
--- irpas-0.10.orig/enum.h
+++ irpas-0.10/enum.h
@@ -19,4 +19,4 @@ int enum_print(void); void enum_free(void); -#endif _ENUM_H_ +#endif /* _ENUM_H_ */
--- irpas-0.10.orig/icmp_redirect.c
+++ irpas-0.10/icmp_redirect.c
@@ -24,7 +24,7 @@ #include "build.h" #include -#include +#include /* definitions */ #define IPTTL 0x80
--- irpas-0.10.orig/irdpresponder.c
+++ irpas-0.10/irdpresponder.c
@@ -17,6 +17,7 @@ #include #include #include +#include #include /* for IPPROTO_bla consts */ #include
@@ -24,7 +25,7 @@ #include #include -#include +#include #include "protocols.h" #include "packets.h"
--- irpas-0.10.orig/itrace.c
+++ irpas-0.10/itrace.c
@@ -19,6 +19,7 @@ #include #include #include +#include #include "protocols.h" #include "packets.h"
--- irpas-0.10.orig/netmask.c
+++ irpas-0.10/netmask.c
@@ -19,6 +19,7 @@ #include #include #include +#include #include "protocols.h" #include "packets.h"
--- irpas-0.10.orig/packets.c
+++ irpas-0.10/packets.c
@@ -348,7 +348,7 @@ #ifdef __DEBUG__ fprintf(stderr,"send_ethernet_frame(): " "WARNING: short send %d out off %d\n",sendBytes,frame_length); -#endif __DEBUG__ +#endif /* __DEBUG__ */ } return sendBytes;
@@ -388,7 +388,7 @@ if( count > 0 ) { #ifdef __DEBUG__ printf("Left over byte: %04X\n",((*wrd & 0xFF)<<8)); -#endif __DEBUG__ +#endif /* __DEBUG__ */ sum = sum + ((*wrd &0xFF)<<8); }
--- irpas-0.10.orig/packets.h
+++ irpas-0.10/packets.h
@@ -48,4 +48,4 @@ void makenonblock(int s); int makebcast(int s); -#endif _PACKET_H_ +#endif /* _PACKET_H_ */
--- irpas-0.10.orig/protocol-numbers.h
+++ irpas-0.10/protocol-numbers.h
@@ -274,5 +274,5 @@ {0,NULL,NULL} }; -#endif _PROTOCOL_NUMBERS_H_ +#endif /* _PROTOCOL_NUMBERS_H_ */
--- irpas-0.10.orig/protocols.h
+++ irpas-0.10/protocols.h
@@ -155,12 +155,12 @@ /* ************************************************************ * IP version 4 * ************************************************************/ -#define IPPROTO_ICMP 0x01 +/* #define IPPROTO_ICMP 0x01 */ #define IPPROTO_IGRP 0x09 -#define IPPROTO_UDP 0x11 +/* #define IPPROTO_UDP 0x11 */ #define IPPROTO_EIGRP 0x58 #define IPPROTO_OSPF 0x59 -#define IPPROTO_GRE 0x2f +/* #define IPPROTO_GRE 0x2f */ #define IP_ADDR_LEN 4 typedef struct {
@@ -617,4 +617,4 @@ u_int8_t value; } dhcp_option_t; -#endif _PROTOCOLS_H_ +#endif /* _PROTOCOLS_H_ */
--- irpas-0.10.orig/protos.c
+++ irpas-0.10/protos.c
@@ -20,6 +20,7 @@ #include #include #include +#include #include "protocols.h" #include "packets.h"
--- irpas-0.10.orig/timestamp.c
+++ irpas-0.10/timestamp.c
@@ -19,6 +19,7 @@ #include #include #include +#include #include "protocols.h" #include "packets.h"
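Review bot: In the protocols.h hunk at -155,12 the `IPPROTO_ICMP`, `IPPROTO_UDP` and `IPPROTO_GRE` definitions are left as commented-out code with no reason given, and the header now relies on every includer pulling in a system header that supplies them first (presumably `<netinet/in.h>`; the names of the added `#include` lines are not visible on this page). A guarded definition keeps protocols.h self-contained and still avoids the redefinition: `#ifndef IPPROTO_GRE` / `#define IPPROTO_GRE 0x2f` / `#endif`, and likewise for the other two. If the defines are dropped instead, a one-line comment naming the header that provides them would do.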