#!/usr/bin/perl #Copyright 2003 William Stearns #Released under the GPL #Version 0.2.1 #Usage: netreply.pl [IP or hostname] [Another IP or hostname]... #This will provide echo replies for any IP's listed on the command line #for any packets recieved by this machine; perfect for lying routers #that want the attacker to believe non-existant hosts exist. You'll #want to block outbound "host unreachables" for any hosts this program #sends pings for. If no IP's specified, this will send back echo #replies for any IP address it sees. #Requires perl-Net-RawIP; see http://www.stearns.org/perl/ for RPMs or #http://www.cpan.org for source. use strict; use warnings; use Net::RawIP qw(:pcap); my $OnePacket = new Net::RawIP({icmp => {}}); #icmp=>{} needed to extract icmp values from it later my $Device = "eth0"; my $BPFilter = "proto \\icmp and icmp[0]=8"; my $Snaplen = 1500; my $Timeout = -1; my $PacketsToProcess = -1; #All if (my $PingHost = shift) { $BPFilter = "$BPFilter and (dst host $PingHost"; while (my $AnotherPingHost = shift) { $BPFilter = "$BPFilter or dst host $AnotherPingHost"; } $BPFilter = "$BPFilter )"; } #print "Listening on: $BPFilter\n"; my $pcap = $OnePacket->pcapinit($Device,$BPFilter,$Snaplen,$Timeout); loop $pcap, $PacketsToProcess, \&Reply, $OnePacket; sub Reply { $OnePacket->bset(substr($_[2],14)); my $OneReply = new Net::RawIP({icmp => {} }); my ($Tos, $Saddr, $Daddr) = $OnePacket->get({ ip => [qw(tos saddr daddr)] }); my ($Id, $Sequence, $Payload) = $OnePacket->get({ icmp => [qw(id sequence data)]}); #Hmmm, force code to 0 or mirror incoming code? $OneReply -> set ( { ip => { tos => $Tos, saddr => $Daddr, daddr => $Saddr }, icmp => { type => 0, code => 0, id => $Id, sequence => $Sequence, data => $Payload } } ); $OneReply -> send; }