-
Notifications
You must be signed in to change notification settings - Fork 3
/
cyberwar_timing.c
executable file
·136 lines (105 loc) · 3.61 KB
/
cyberwar_timing.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
/*
development for a timing algorithm to determine by seq/source port whether or not by the current time
if we should generate two packets for some SYN/ACK packet we received from a webserver
the entire concept of whether or not we should process the packet BEFORE this should also be included
it shoold be a simplle 1-2 line checksum (as quick as possible).. it could simply eb by the source port...
anyways
ill develop this heere.
we do not want to use more than 1 second timings... i dont want to rely on anyting too strange, or specific..
also the helper box will need the same exact time (maybe ntp) as the router/passive monitoring system
all packets can be pregenerated for future time slices thus making sure we can reach a certain amount in the window timme
im thinking a window of 1.5-2seconds should be fine. so maybe 2-3...
we will also ignore everything above our seq:1, and anything from remote side after its initial SYN/ACK...
i really dont believev there will be any problems... only pure mass attack
anwyays
epoch % 60 might be the best... its quick, simple.. allows us to prepare by 2second slices
int epoch=time(0);
int minutes = epoch % 60;
*/
#include <stdio.h>
#include <stdio.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
typedef struct _seq_oracle {
unsigned char a : 4; // secs/2 & f
unsigned char b : 4; // secs%2 & f
unsigned short c : 4; // IP & ff
unsigned short d : 8; // port & ff
unsigned short e : 4; // chk
} SequenceOracle;
typedef union {
SequenceOracle a;
uint32_t b;
} abc;
// if we ONLY monitor for SYN+ACK AND pass this... regardless of some time warp it shoould still function properly..
// a better version can be done but im just winging this to get it released quickly... it wont take long to redo
int packet_filter(uint32_t seq, uint32_t ip, int port, uint32_t ts) {
abc xyz;
int i = 0;
xyz.b=0;
xyz.a.c = ((ip%1024) & 0x000000ff);
xyz.a.d = port & 0x000000ff;
ts -= 3;
for (i =0; i < 5; i++) {
xyz.a.a = ((ts+i)/2)& 0x0000000f;
xyz.a.b = ((ts+i)%2)& 0x0000000f;
xyz.a.e = ((xyz.a.c+xyz.a.d)&0x000000ff);
if (xyz.b == seq) {
printf("match at %d\n", i);
return 1;
}
}
return 0;
}
int main(int argc, char *argv[]) {
int epoch=time(0);
int secs = epoch % 60;
union {
SequenceOracle a;
uint32_t b;
} abc;
int i = 0;
int t = 0;
int r = 0;
uint32_t seq = 0;
unsigned char a = secs/2 & 0x0000000f;
unsigned char b = secs%2 & 0x0000000f;
unsigned short c = ((inet_addr("8.8.8.8") % 1024) & 0x000000ff);
unsigned short d = 60000 & 0x000000ff;
unsigned short e = 0;
t = time(0);
if (argc == 1) {
t+=2;
for (i = 0; i < 30; i++) {
abc.b = 0;
a = ((t+i)/2) & 0x0000000f;
b = ((t+i)%2) & 0x0000000f;
c = ((inet_addr("8.8.8.8") % 1024) & 0x000000ff);
d = 60000 & 0x000000ff;
e = ((c+d)&0x000000ff);
printf("a %d b %d c %d d %d e %d\n", a, b, c, d, e);
abc.a.a = a;
abc.a.b = b;
abc.a.c = c;
abc.a.d = d;
abc.a.e = e&0x000000ff;
printf("%08X i:%d t:%d\n", (uint32_t)abc.b, i, t);
d = abc.a.d;
c = abc.a.c;
b = abc.a.b;
a = abc.a.a;
e = abc.a.e;
printf("a %d b %d c %d d %d e %d\n", a, b, c, d, e);
}
exit(0);
}
sscanf(argv[3], "%08X", &seq);
t = time(0);
r = packet_filter(seq, inet_addr(argv[2]), atoi(argv[1]), t+i);
if (r==1) {
printf("seq %08X ret:%d t:%d\n", seq, r, t);
}
exit(0);
}