blob: 6b1facf7be30fc1c3a47f5611dade5563e7d5455 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
$NetBSD: patch-ai,v 1.1 2006/01/08 11:02:10 wiz Exp $
--- sniffit.0.3.5.c.orig 1997-04-18 11:33:58.000000000 +0200
+++ sniffit.0.3.5.c
@@ -411,11 +411,17 @@ int check_packet(unsigned long ipaddr,
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP)
+ {printf("Suspicious Packet detected... (Split header)\n");
+ return DONT_EXAMINE;}
memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
so=(unsigned char *)&(iphead.source);
dest=(unsigned char *)&(iphead.destination);
+ if(info->FRAG_nf!=0)
+ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; };
+
if((proto==TCP)&&(PROTOCOLS&F_TCP))
{
#ifdef DEBUG_ONSCREEN
@@ -1220,6 +1226,10 @@ int check_mask (const struct packetheade
proto=unwrap_packet(sp, info);
if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
+ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
+
+ if(info->FRAG_nf!=0)
+ {return DONT_EXAMINE; };
(*IP_nr_of_packets)++;
if(proto==ICMP)
|
