/*
 * nudgeval - nudge sysctl values related to the network stack.
 *
 * Periodically rewrites sysctl(3) values through sysctlbyname(3), specifically
 * the ones controlling the network stack (TCP/IP/ICMP/IGMP/UDP/...).
 * This works wonders for evading nmap -O and other OS fingerprint detection.
 * Writing these sysctls needs root.
 *
 * -n@mod.net
 *
 * TODO: port to the Linux sysctl interface and its naming convention
 *       (net.ipv4/ipv6/etc., under the /proc/sys filesystem directory).
 * TODO: some of these sysctls use values outside their normal ranges; tune
 *       that, and add more.
 *
 * Notes: before running this, nmap -O against High Sierra returns
 * 'Aggressive OS guesses' that include OS X. After running this, nmap has no
 * idea what OS I am running (whether nmap -O localhost or from a remote host).
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/time.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <err.h>
#include <netdb.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
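/* Sentinel value; nothing in the code shown references it. */
#define RANDOMIZE (-1)

/*
 * sysctl name prefixes. Each one is a string literal that is pasted in front
 * of a leaf name, e.g. _TCP "sack" -> "net.inet.tcp.sack".
 *
 * NOTE(review): identifiers that start with an underscore followed by an
 * upper-case letter are reserved for the implementation; they are kept here
 * only because the sysctl table in this file is written in terms of them.
 * NOTE(review): _IP_PORTRANGE has no trailing dot, unlike the other prefixes,
 * and is not used by the table.
 */
#define NET_INET        "net.inet."
#define _IP_PORTRANGE   NET_INET "ip.portrange"
#define _IP             NET_INET "ip."
#define _ICMP           NET_INET "icmp."
#define _TCP            NET_INET "tcp."
#define _IGMP           NET_INET "igmp."
#define _UDP            NET_INET "udp."
#define _IPSEC          NET_INET "ipsec."
#define _RAW            NET_INET "raw."
#define _MPTCP          NET_INET "mptcp."

/*
 * Logging back end. Call sites are written as syslog(fmt, ...) with no
 * priority argument, so the macro supplies the priority itself when the real
 * syslog(3) is selected; a plain "#define syslog syslog" would hand the
 * format string to syslog(3) as its priority. LOG_WARNING is declared in
 * <syslog.h>. A macro is not re-expanded inside its own replacement, so the
 * inner syslog refers to the library function.
 */
#define _USE_SYSLOG 0
#if _USE_SYSLOG == 1
#define syslog(...) syslog(LOG_WARNING, __VA_ARGS__)
#else
#define syslog(...) warnx(__VA_ARGS__)
#endif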
/*
 * One row per sysctl this program may rewrite.
 *
 *   name   - full sysctl name handed to do_sysctl() / sysctlbyname(3)
 *   def    - default value; in the code shown it is only read when a failed
 *            write is logged
 *   low/hi - bounds used by nudgesys() when it picks a new value
 *   mlsecs - main() passes this to usleep(3), i.e. it is used as a number of
 *            microseconds; nudgesys() skips the row entirely when it is 0
 *   last   - time of the last recorded update; {0, 0} means "never"
 */
struct sysctls {
    char *name;
    int def;
    int low;
    int hi;
    int mlsecs;
    struct timeval last;
};

/*
 * The table. Members that are not named in an initializer (here: .last) are
 * zero-initialized. The list ends at the row whose name is NULL.
 *
 * Rows with mlsecs == 0, or with low == hi == 0, are never written by
 * nudgesys(), so the values listed for them (log_in_vain, udp.blackhole,
 * log_restricted, ...) are not applied by this program.
 */
struct sysctls ctl[] = {
    { .name = _IP "forwarding",             .def = 0,   .low = 0,   .hi = 0,   .mlsecs = 0 },
    { .name = _IP "sourceroute",            .def = 0,   .low = 0,   .hi = 0,   .mlsecs = 0 },
    { .name = _IP "redirect",               .def = 0,   .low = 0,   .hi = 0,   .mlsecs = 0 },
    { .name = _IP "gifttl",                 .def = 0,   .low = 0,   .hi = 0,   .mlsecs = 0 },
    { .name = _IP "accept_sourceroute",     .def = 0,   .low = 0,   .hi = 0,   .mlsecs = 0 },
    { .name = _IP "ttl",                    .def = 64,  .low = 30,  .hi = 64,  .mlsecs = 100000 },
    { .name = _IP "rtexpire",               .def = 10,  .low = 5,   .hi = 25,  .mlsecs = 100000 },
    { .name = _IP "rtminexpire",            .def = 10,  .low = 1,   .hi = 16,  .mlsecs = 40000 },
    { .name = _IP "rtmaxcache",             .def = 128, .low = 100, .hi = 200, .mlsecs = 10000000 },
    { .name = _IP "log_restricted",         .def = 1,   .low = 1,   .hi = 1,   .mlsecs = 0 },
    { .name = _UDP "log_in_vain",           .def = 4,   .low = 4,   .hi = 4,   .mlsecs = 0 },
    { .name = _UDP "blackhole",             .def = 1,   .low = 1,   .hi = 1,   .mlsecs = 0 },
    /* NOTE(review): low > hi in this row; confirm the intended bounds. */
    { .name = _MPTCP "enable",              .def = 0,   .low = 1,   .hi = 0,   .mlsecs = 10000 },
    { .name = _TCP "log_in_vain",           .def = 4,   .low = 4,   .hi = 4,   .mlsecs = 0 },
    /* NOTE(review): low > hi in this row; confirm the intended bounds. */
    { .name = _TCP "rfc1644",               .def = 0,   .low = 1,   .hi = 0,   .mlsecs = 200000 },
    { .name = _TCP "delayed_ack",           .def = 3,   .low = 0,   .hi = 4,   .mlsecs = 100000 },
    { .name = _TCP "blackhole",             .def = 2,   .low = 1,   .hi = 2,   .mlsecs = 50000 },
    { .name = _ICMP "icmplim",              .def = 5,   .low = 0,   .hi = 50,  .mlsecs = 25000 },
    { .name = _MPTCP "log_restricted",      .def = 1,   .low = 1,   .hi = 1,   .mlsecs = 0 },
    { .name = _TCP "cc_debug",              .def = 1,   .low = 1,   .hi = 1,   .mlsecs = 0 },
    { .name = _TCP "newreno_sockets",       .def = 0,   .low = 0,   .hi = 16,  .mlsecs = 30000 },
    { .name = _TCP "use_newreno",           .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 40000 },
    /* NOTE(review): low > hi in the next two rows; confirm the intended bounds. */
    { .name = _TCP "cubic_sockets",         .def = 0,   .low = 10,  .hi = 0,   .mlsecs = 20000 },
    { .name = _TCP "background_sockets",    .def = 1,   .low = 20,  .hi = 0,   .mlsecs = 120000 },
    { .name = _TCP "cubic_tcp_friendliness", .def = 0,  .low = 0,   .hi = 1,   .mlsecs = 100000 },
    { .name = _TCP "cubic_fast_convergence", .def = 0,  .low = 0,   .hi = 1,   .mlsecs = 10000 },
    { .name = _TCP "slowstart_flightsize",  .def = 15,  .low = 5,   .hi = 50,  .mlsecs = 10000 },
    { .name = _TCP "icmp_may_rst",          .def = 0,   .low = 0,   .hi = 1,   .mlsecs = 12000 },
    { .name = _TCP "fastopen",              .def = 3,   .low = 0,   .hi = 3,   .mlsecs = 48000 },
    { .name = _TCP "fastopen_backlog",      .def = 12,  .low = 3,   .hi = 16,  .mlsecs = 240000 },
    { .name = _TCP "sack",                  .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 10000 },
    { .name = _TCP "rfc3390",               .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 10000 },
    { .name = _TCP "rfc3645",               .def = 1,   .low = 1,   .hi = 1,   .mlsecs = 0 },
    { .name = _TCP "rfc3645_lim2",          .def = 1,   .low = 0,   .hi = 3,   .mlsecs = 20000 },
    { .name = _TCP "drop_synfin",           .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 24000 },
    { .name = _TCP "enable_tlp",            .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 50000 },
    { .name = _TCP "ack_prioritize",        .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 40000 },
    /* NOTE(review): second rfc3390 row, same bounds, different interval. */
    { .name = _TCP "rfc3390",               .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 205000 },
    { .name = _TCP "tcp_lq_overflow",       .def = 1,   .low = 0,   .hi = 1,   .mlsecs = 200000 },
    { .name = NULL },   /* terminator */
};
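/*
 * Full prototypes: an empty parameter list in C leaves the arguments
 * unspecified, so the compiler could not check calls against the definitions.
 */
int do_sysctl(char *name, void *newp, size_t size);
int nudgesys(struct sysctls *sc);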
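/*
 * do_sysctl - set one sysctl by name through sysctlbyname(3).
 *
 * name: full sysctl name, e.g. "net.inet.ip.ttl"
 * newp: pointer to the new value
 * size: size of the new value in bytes
 *
 * Returns 0 on success. On failure the errno text is printed with perror()
 * and -1 is returned.
 *
 * This is a write-only call: the previous value is never used, so NULL is
 * passed for both old-value arguments. Handing the kernel an old-value buffer
 * whose length is 0 may make the call fail with ENOMEM on BSD-derived
 * kernels (confirm on the target OS), which would leave the value unchanged.
 * The value is set through the syscall interface; no shell command is built.
 */
int
do_sysctl(char *name, void *newp, size_t size)
{
    if (name == NULL || newp == NULL || size == 0)
        return -1;

    if (sysctlbyname(name, NULL, NULL, newp, size) < 0) {
        perror("sysctlbyname");
        return -1;
    }
    return 0;
}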
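/*
 * nudgesys - write a random value from the row's range to its sysctl.
 *
 * sc: table row to process; sc->last is updated in place.
 *
 * Returns
 *    0  the value was written, or the row is one that is never written
 *       (mlsecs == 0, or low == hi == 0)
 *   -1  bad argument, gettimeofday() failed, or the sysctl write failed
 *   -2  the clock has not advanced past sc->last, nothing was done
 *
 * The new value is drawn from the inclusive range [low, hi]. The bounds are
 * put in order first, because some table rows list them reversed. With an
 * exclusive upper bound every 0..1 switch would always be written as 0, and a
 * row with low == hi would divide by zero.
 *
 * mlsecs is not compared with the elapsed time here; in the code shown the
 * pacing comes from the sleep in main().
 */
int
nudgesys(struct sysctls *sc)
{
    struct timeval tv;
    size_t size;
    long long span;
    int lo, hi, val;
    int do_nudge = 0;

    if (sc == NULL || sc->name == NULL)
        return -1;

    if (gettimeofday(&tv, NULL) < 0) {
        perror("gettimeofday");
        return -1;
    }

    if ((sc->last.tv_sec == 0 && sc->last.tv_usec == 0) ||
        tv.tv_sec > sc->last.tv_sec) {
        /* First call for this row, or at least one second later: record it. */
        sc->last = tv;
        do_nudge = 1;
    } else if (tv.tv_sec == sc->last.tv_sec &&
        tv.tv_usec > sc->last.tv_usec) {
        /* Later within the same second; sc->last is left as it was. */
        do_nudge = 1;
    }

    if (!do_nudge)
        return -2;  /* Not changed. */

    if (sc->mlsecs == 0 || (sc->hi == 0 && sc->low == 0))
        return 0;

    lo = sc->low;
    hi = sc->hi;
    if (lo > hi) {
        int tmp = lo;

        lo = hi;
        hi = tmp;
    }

    /* Computed in long long so hi - lo + 1 cannot overflow int. */
    span = (long long)hi - lo + 1;
    val = (int)(lo + rand() % span);
    size = sizeof(val);

    if (do_sysctl(sc->name, &val, size) < 0) {
        /* Format specifiers match the argument types after the casts. */
        syslog("nudgeval[%d]: nudgesys(): do_sysctl(%s, %d, %zu) < 0",
            (int)getpid(), sc->name, val, size);
        syslog("nudgeval[%d]: nudgesys(): sc->def = %d, sc->hi = %d, sc->low = %d,"
            " sc->mlsecs = %d, sc->last.tv_sec = %ld, sc->last.tv_usec = %ld",
            (int)getpid(), sc->def, sc->hi, sc->low, sc->mlsecs,
            (long)sc->last.tv_sec, (long)sc->last.tv_usec);
        return -1;
    }

    /* Succeeded in nudging the sysctl value. */
    return 0;
}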
/*
 * Seed rand() from the current time, then walk the sysctl table forever:
 * each row is handed to nudgesys() and followed by a usleep() of that row's
 * mlsecs value. The loop has no exit, and nudgesys()'s result is not checked.
 *
 * NOTE(review): the seed is the wall-clock second, so the sequence of values
 * written can be reproduced by anyone who knows when the program started.
 * NOTE(review): mlsecs goes to usleep(3), which takes microseconds, and one
 * row uses 10000000; POSIX allows usleep() to reject values of 1000000 or
 * more, so confirm the behaviour on the target OS.
 */
int
main(int argc, char **argv)
{
    struct sysctls *entry;
    time_t now;

    (void)argc;
    (void)argv;

    now = time(NULL);
    srand(now);

    for (;;) {
        for (entry = ctl; entry->name != NULL; entry++) {
            nudgesys(entry);
            usleep(entry->mlsecs);
        }
    }
}