Hello,
Sorry for repeating a common thread. I have tried my best but cannot get a result, so I am asking you people again. Please give me an idea.
This is the problem:
Code:
tcpg_funcs.c: In function ‘tcpg_hping’:
tcpg_funcs.c:33: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg_funcs.c:34: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg_funcs.c: In function ‘tcpg_oob’:
tcpg_funcs.c:43: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg_funcs.c: In function ‘tcpg_portd’:
tcpg_funcs.c:51: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg_funcs.c: In function ‘tcpg_queso’:
tcpg_funcs.c:57: error: ‘struct tcphdr’ has no member named ‘th_win’
tcpg_funcs.c: In function ‘tcpg_synflood’:
tcpg_funcs.c:65: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg_funcs.c:65: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg_funcs.c:66: error: ‘struct tcphdr’ has no member named ‘th_seq’
tcpg_funcs.c:66: error: ‘struct tcphdr’ has no member named ‘th_seq’
tcpg_funcs.c: In function ‘tcpg_syn’:
tcpg_funcs.c:75: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg_funcs.c:75: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg_funcs.c:76: error: ‘struct tcphdr’ has no member named ‘th_sport’
tcpg_funcs.c:76: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg_funcs.c: In function ‘tcpg_land’:
tcpg_funcs.c:82: error: ‘struct tcphdr’ has no member named ‘th_sport’
tcpg_funcs.c:82: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg_funcs.c: In function ‘tcpg_kill’:
tcpg_funcs.c:92: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg_funcs.c:93: error: ‘struct tcphdr’ has no member named ‘th_sport’
tcpg_funcs.c:94: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg_funcs.c:97: error: ‘struct tcphdr’ has no member named ‘th_seq’
tcpg_funcs.c:98: error: ‘TCP_H’ undeclared (first use in this function)
tcpg_funcs.c:98: error: (Each undeclared identifier is reported only once
tcpg_funcs.c:98: error: for each function it appears in.)
tcpg_funcs.c:98: error: ‘IP_H’ undeclared (first use in this function)
This is the program.
Header file (tcpguard.h):
Code:
/*
 * Build-time feature switches. Each macro that is defined here enables the
 * matching tcpg_*() call inside main()'s packet loop (the calls are wrapped
 * in #ifdef); delete or comment out a line to disable that check.
 */
/* Log every TCP connection attempt (SYN set, ACK clear). */
#define TCPG_SYN
/* Log QUESO probes. */
#define TCPG_QUESO
/* SYN flooding detection. */
#define TCPG_SYNFLOOD
/* WinNuke detection. */
#define TCPG_OOB
/* Log LAND attacks. */
#define TCPG_LAND
/* Log HPing probes and port 0 connection packets. */
#define TCPG_HPING
/* Shell daemon default port probe detection. */
#define TCPG_PORTD
/* Kill connections to TCP port TCPG_KILL. */
/* Unlike the switches above this is an active response, not a log entry:
 * tcpg_kill() builds and sends a RST for every packet addressed to this
 * port. The value is passed to tcpg_kill() as a host-order port number. */
#define TCPG_KILL 110
/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */
/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */
/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */
/* Biggest list of includes you've ever seen, eh?! =;-) */
#include <libnet.h>
#include <syslog.h>
/* Why not make all variables global ?! */
/*
 * NOTE(review): everything below is a definition, not an extern declaration,
 * and this header is included by both .c files. Toolchains that do not merge
 * common symbols will report duplicate definitions at link time; extern
 * declarations here plus one definition in a single .c file avoid that.
 */
/*
 * Receive buffer for one packet read from the raw socket, overlaid with the
 * IP and TCP header structures so the checks can read header fields directly.
 *
 * NOTE(review): tcp is placed immediately after a fixed-size struct iphdr,
 * so the TCP fields only line up when the received IP header carries no
 * options. For a packet with IP options the checks read option bytes as if
 * they were TCP header fields.
 *
 * NOTE(review): the checks access the TCP header through the BSD member
 * names (th_sport, th_dport, th_flags, th_seq, th_win). glibc's
 * <netinet/tcp.h> declares those spellings only when BSD naming is selected
 * (for example _BSD_SOURCE or __FAVOR_BSD defined before the first system
 * include, depending on the glibc version); otherwise the members are named
 * source, dest, seq, window and the flags are separate bit-fields. Confirm
 * which form the installed headers provide.
 */
struct ippkt {
struct iphdr ip;
struct tcphdr tcp;
char buffer[5000];
} pkt;
/* s: raw socket opened by tcpg_init() and read in main().
 * lns: raw socket opened and closed by tcpg_kill() for each RST it sends. */
int s, lns;
/* Source address of the packet currently being examined; set in main(). */
struct in_addr src_addr;
/* Buffer in which tcpg_kill() assembles the outgoing IP+TCP headers. */
u_char *buff;
/* Host-order ports of the packet being reset; written by tcpg_kill(). */
u_int sport, dport;
/*
 * Per-packet checks. Each one inspects the global pkt / src_addr that main()
 * fills in, and reports through syslog().
 */
void tcpg_syn();
void tcpg_hping();
void tcpg_synflood();
void tcpg_portd();
void tcpg_queso();
void tcpg_land();
void tcpg_oob();
/* Logs a shutdown message and terminates the process. */
void tcpg_die();
/* Opens the syslog connection and the raw socket s; exits on failure. */
void tcpg_init();
/* Sends a RST in response to packets whose destination port equals the
 * argument (host byte order). */
void tcpg_kill(u_short);
C file===
Code:
#include "tcpguard.h"
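/*
 * Daemon entry point.
 *
 * Initialises logging and the raw socket, detaches from the caller with
 * fork()/setsid(), then reads one packet at a time into the global pkt and
 * runs every check that is enabled in tcpguard.h against it.
 *
 * The result of read() is now checked: a failed read stops the daemon with
 * a log entry, and a packet too short to contain both headers is skipped.
 * Without that check the tests below would run again on whatever the
 * previous packet left in pkt, including the active tcpg_kill() response.
 *
 * NOTE(review): the overlay in struct ippkt assumes an IP header without
 * options; packets that carry options are still passed to the checks with
 * misaligned TCP fields. Locating the TCP header from the IP header length
 * would close that gap.
 */
int
main() {
    /* Smallest packet the checks can safely look at. */
    const ssize_t min_len = (ssize_t)(sizeof(pkt.ip) + sizeof(pkt.tcp));
    ssize_t got;

    tcpg_init();

    /* The parent exits (as does a failed fork); the child carries on. */
    if (fork() != 0)
        _exit(0);
    setsid();

    syslog(LOG_INFO, "TCPguard made by Nasim Ahmed");
    syslog(LOG_INFO, "launched with pid %d.\n", (int)getpid());

    while (1) {
        /* Bound the read by the object itself rather than a magic number. */
        got = read(s, &pkt, sizeof(pkt));
        if (got < 0) {
            /* %m is expanded by syslog() to the text for errno. */
            syslog(LOG_ERR, "read() on raw socket failed: %m");
            tcpg_die();
        }
        if (got < min_len)
            continue;   /* truncated packet: header fields would be stale */

        src_addr.s_addr = pkt.ip.saddr;

#ifdef TCPG_SYN
        tcpg_syn();
#endif
#ifdef TCPG_HPING
        tcpg_hping();
#endif
#ifdef TCPG_QUESO
        tcpg_queso();
#endif
#ifdef TCPG_SYNFLOOD
        tcpg_synflood();
#endif
#ifdef TCPG_KILL
        tcpg_kill(TCPG_KILL);
#endif
#ifdef TCPG_LAND
        tcpg_land();
#endif
#ifdef TCPG_OOB
        tcpg_oob();
#endif
#ifdef TCPG_PORTD
        tcpg_portd();
#endif
    }
}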
Code:
The problem is in this file (tcpg_funcs.c):
#include "tcpguard.h"
/* Sequence number of the last SYN-without-ACK segment seen by
 * tcpg_synflood(), stored exactly as read from the header (no byte-order
 * conversion). Starts at 0, so a first SYN whose sequence number is 0
 * already compares equal. */
u_long prev_seq=0;
/*
 * Record the shutdown in syslog and terminate at once.
 *
 * Uses _exit(), so no atexit handlers run and stdio buffers are not flushed.
 * The exit status is 0 whatever the reason for stopping.
 */
void tcpg_die()
{
    syslog(LOG_INFO, "TCPguard has now found a horrid death.");

    _exit(0);
}
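/*
 * One-time start-up: open the syslog connection and the raw TCP socket.
 *
 * Unless built with -DNO_EUID_CHECK, refuses to run without an effective
 * uid of 0 (exit status 1). Exits with status 2 if the raw socket cannot be
 * created. On success the global s holds the socket that main() reads.
 *
 * The usage hint is written to stderr instead of stdout: it is followed by
 * _exit(), which does not flush stdio buffers, so text sent to a buffered
 * stdout (a pipe or a file) could be lost.
 *
 * NOTE(review): the process keeps its privileges after the socket is open.
 * tcpg_kill() opens a further raw socket for every reset it sends, so simply
 * dropping privileges here would break that path; it would first have to be
 * changed to reuse a socket opened during start-up.
 */
void tcpg_init() {
    openlog("tcpguard", 0, LOG_DAEMON);

#ifndef NO_EUID_CHECK
    if (geteuid() != 0) {
        /* uid_t is unsigned; cast so the argument matches %d. */
        syslog(LOG_INFO, "launched by normal user (uid %d).\n", (int)geteuid());
        fputs("This program uses raw sockets. On most systems, that requires root.\n", stderr);
        fputs("If you know that your systems allows usage of raw sockets by normal\n", stderr);
        fputs("users, re-compile the program with -DNO_EUID_CHECK.\n", stderr);
        _exit(1);
    }
#endif

    s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (s == -1) {
        perror("socket()");
        _exit(2);
    }
}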
/*
 * Port-0 check.
 *
 * Only packets whose TCP destination port is 0 are considered. With FIN set
 * the packet is reported as an HPing probe; any other packet to port 0 gets
 * the generic "port 0" warning. The source address comes from the global
 * src_addr set by main().
 */
void tcpg_hping() {
    if (pkt.tcp.th_dport != 0)
        return;

    if (pkt.tcp.th_flags & TH_FIN) {
        syslog(LOG_INFO, "WARNING: HPing packet detected from %s !", inet_ntoa(src_addr));
    } else {
        syslog(LOG_INFO, "WARNING: Packet to TCP port 0 from %s !", inet_ntoa(src_addr));
    }
}
/*
 * Out-of-band (URG) check, intended to catch WinNuke.
 *
 * NOTE(review): the only condition is the URG flag. Destination port and
 * payload are not examined, so every segment carrying urgent data is logged
 * as an attack, including legitimate ones.
 */
void tcpg_oob() {
    const int urgent = pkt.tcp.th_flags & TH_URG;

    if (!urgent)
        return;

    syslog(LOG_INFO, "ATTACK: WinNuke attempt from %s !", inet_ntoa(src_addr));
}
/*
 * Probe check for TCP port 31337, which the original author describes as
 * the default port of a common shell daemon and a port that Sscan tries.
 *
 * The comparison is done in network byte order. Any packet addressed to the
 * port is logged, whatever its flags.
 */
void tcpg_portd() {
    const u_short watched = htons(31337);

    if (pkt.tcp.th_dport != watched)
        return;

    syslog(LOG_INFO, "WARNING: Backdoor on 31337 probed from %s !", inet_ntoa(src_addr));
}
/*
 * QUESO fingerprinting check.
 *
 * Per the original author, QUESO sends all its packets with a constant
 * window size; this flags any packet whose advertised window is 4660
 * (0x1234), compared in network byte order. The log line carries no source
 * address.
 */
void tcpg_queso() {
    const u_short queso_win = htons(4660);

    if (pkt.tcp.th_win != queso_win)
        return;

    syslog(LOG_INFO, "ATTACK: A packet probably sent by QUESO was received !");
}
/*
 * Basic SYN-flood heuristic.
 *
 * Looks only at segments with SYN set and ACK clear. The sequence number of
 * each such segment is remembered in prev_seq; when the next one carries the
 * same sequence number, three alert lines are logged and the daemon stops
 * via tcpg_die().
 *
 * NOTE(review): the match is on the sequence number alone, with no source
 * address, port or rate involved. A retransmitted SYN would presumably match
 * as well, and so does a first SYN with sequence number 0, because prev_seq
 * starts at 0.
 *
 * NOTE(review): because a match ends the process, one matching pair of
 * packets switches off every other check. Logging with a rate limit and
 * continuing to run would keep the monitor alive.
 */
void tcpg_synflood() {
    const int syn_set = pkt.tcp.th_flags & TH_SYN;
    const int ack_set = pkt.tcp.th_flags & TH_ACK;

    if (!syn_set || ack_set)
        return;

    if (pkt.tcp.th_seq != prev_seq) {
        /* New sequence number: remember it and carry on. */
        prev_seq = pkt.tcp.th_seq;
        return;
    }

    syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !");
    syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !!");
    syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !!!");
    tcpg_die();
}
/*
 * Connection-attempt logger.
 *
 * Writes one syslog line for every segment with SYN set and ACK clear,
 * giving the source address, source port and destination port (ports
 * converted to host byte order for display).
 *
 * NOTE(review): one line per SYN with no rate limit, so log volume follows
 * the rate of incoming SYNs.
 */
void tcpg_syn() {
    const int flags = pkt.tcp.th_flags;

    if (!(flags & TH_SYN) || (flags & TH_ACK))
        return;

    syslog(LOG_INFO,
           "WARNING: TCP connection attempted from %s:%d to port %d.",
           inet_ntoa(src_addr),
           ntohs(pkt.tcp.th_sport),
           ntohs(pkt.tcp.th_dport));
}
/*
 * LAND check: reports a packet whose IP source and destination addresses
 * are equal and whose TCP source and destination ports are equal. The log
 * line does not include the address.
 */
void tcpg_land() {
    const int same_host = (pkt.ip.saddr == pkt.ip.daddr);
    const int same_port = (pkt.tcp.th_sport == pkt.tcp.th_dport);

    if (same_host && same_port) {
        syslog(LOG_INFO, "ATTACK: LAND attack detected !!!");
    }
}
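/* Sends a RST to the client...KILLAH !.. =;-) */
/*
 * Active response: for a packet whose TCP destination port equals kport
 * (host byte order), build an IP+TCP header pair carrying RST and send it
 * to the packet's source address through a freshly opened raw socket.
 *
 * Changes from the original:
 *  - the header buffer is released after use; it used to be leaked on every
 *    matching packet, so memory grew with traffic to the port;
 *  - a failed allocation or a failed open_raw_sock() is logged and the reset
 *    is skipped, instead of passing NULL or an invalid descriptor on.
 *
 * TCP_H, IP_H, build_ip(), build_tcp(), do_checksum(), open_raw_sock() and
 * write_ip() are not declared in this file and are expected to come from
 * <libnet.h>. NOTE(review): these look like the names of an early libnet
 * API; later releases prefix them with libnet_ / LIBNET_, which would
 * explain TCP_H and IP_H being reported as undeclared. Confirm against the
 * installed libnet version.
 *
 * NOTE(review): as the original comment says, no further checks are made.
 * Every packet to kport triggers a reset, whatever its flags or origin.
 *
 * NOTE(review): the addresses are swapped for the reply, but the ports are
 * handed to build_tcp() in the order they were received. Confirm that this
 * is intended.
 */
void tcpg_kill(u_short kport) {
    u_long src_ip, dst_ip, ack;

    /* The following kills all TCP connections to port kport ! */
    /* WARNING: This part does not make any checks !!! */
    if (ntohs(pkt.tcp.th_dport) != kport)
        return;

    sport = ntohs(pkt.tcp.th_sport);
    dport = ntohs(pkt.tcp.th_dport);
    src_ip = pkt.ip.daddr;
    dst_ip = pkt.ip.saddr;
    ack = ntohl(pkt.tcp.th_seq) + 1;

    /* calloc() gives the zeroed buffer that malloc()+bzero() produced. */
    buff = calloc(1, TCP_H + IP_H);
    if (buff == NULL) {
        syslog(LOG_ERR, "tcpg_kill: out of memory, no reset sent to %s.", inet_ntoa(src_addr));
        return;
    }

    build_ip(TCP_H, IPTOS_LOWDELAY | IPTOS_THROUGHPUT, 242, 0, 64, IPPROTO_TCP, src_ip, dst_ip, NULL, 0, buff);
    build_tcp(sport, dport, ack, ack, TH_RST, 4096, 0, NULL, 0, buff + IP_H);
    do_checksum(buff, IPPROTO_TCP, TCP_H);

    lns = open_raw_sock(IPPROTO_RAW);
    if (lns < 0) {
        syslog(LOG_ERR, "tcpg_kill: cannot open raw socket, no reset sent to %s.", inet_ntoa(src_addr));
    } else {
        syslog(LOG_INFO, "WARNING: Killing connection from %s to port %d.", inet_ntoa(src_addr), kport);
        write_ip(lns, buff, IP_H + TCP_H);
        close(lns);
    }

    /* buff is a global: release it and clear it so it cannot be reused. */
    free(buff);
    buff = NULL;
}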
Please help me.