
Nasty ping with pattern '+++ATH0' - how to stop?



Hello!

A well-known thing is the abusive use of ping's ability to fill out the ICMP
packet with '+++ATH0', which will cause a hangup on 'bad' modems. The
defense, at the client side, is to add 'S2=255' to the modem settings.

This 'technique' is used in IRC wars and other abusive attacks, and shell
providers have a lot of problems with that. There are two ways to forbid
users from doing all those 'hangups'. The first is to close outgoing pings, and
the second is to disallow using ping with the -p option (wrapper, directly in
code, etc). But the -p option could be useful for diagnosing data-dependent
problems in a network, so a better solution is to log uses of the ping -p
option.

This little patch (in attachment) will enable logging via syslogd(8).
Messages are logged with 'warning' priority, and consist of PID, UID,
pattern, and pinged target. The patch is made for netkit-base-0.10, a part of
Slackware and other distributions too.

Sincerely,
Bosko

[mod: Logging at the ISP will not help people who have a decent
machine/modem from pinging others. People who are annoyed by others
shutting down their link can specify "escape 41 61" to have ppp escape
all A's before transmission. (Untested: my link didn't hangup when I
tried it...) -- REW ]

--- netkit-base-0.10-old/ping/ping.c	Sun Jun  8 21:39:50 1997
+++ netkit-base-0.10/ping/ping.c	Mon Nov  8 03:10:38 1999
@@ -66,7 +66,8 @@
 #include <sys/file.h>
 #include <sys/time.h>
 #include <sys/signal.h>
-
+#include <syslog.h>
+                                   
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
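
Review bot: the '+' line after the new #include <syslog.h> consists only of spaces, replacing what was an empty separator line; make it an empty line again. The include itself is unconditional while every use of syslog in this patch sits under #ifdef LOG_PATTERN_USE, which is harmless but could be guarded the same way for consistency.
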
@@ -197,6 +198,9 @@
 static void pr_icmph(struct icmphdr *icp);
 static void pr_retip(struct iphdr *ip);
 
+#ifdef LOG_PATTERN_USE
+char _pattern[17];
+#endif
 
 int
 main(int argc, char *argv[])
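
Review bot: _pattern is declared at file scope without static and with a leading underscore, a name form reserved for the implementation at file scope; something like 'static char fill_pattern[17];' avoids both problems. The 17 here only makes sense next to the 16 in the strncpy call in the next hunk, so a shared #define for the length would keep the two in step.
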
@@ -291,6 +295,9 @@
 		case 'p':		/* fill buffer with user pattern */
 			options |= F_PINGFILLED;
 			fill(datap, optarg);
+#ifdef LOG_PATTERN_USE
+			strncpy (_pattern, optarg, 16);
+#endif
 			break;
 		case 'q':
 			options |= F_QUIET;
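
Review bot: the strncpy at case 'p' copies at most 16 characters while fill() receives the whole optarg, so a longer pattern is logged truncated and the log record no longer shows what was placed in the packet. Termination also depends on _pattern being a zero-initialised 17-byte global; copying sizeof(_pattern) - 1 bytes and writing the terminator explicitly would keep it correct if the declaration changes.
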
@@ -356,9 +363,22 @@
 		usage();
 	target = *argv;
 
+#ifdef LOG_PATTERN_USE
+	if (options != (options&~F_PINGFILLED)) {    /* pattern was used */
+		char *line;
+		
+		openlog ("ping", LOG_PID, LOG_AUTHPRIV);
+		line = (char *) malloc (1024);
+		snprintf (line, 1023, "UID=%d used with pattern '%s' on host %s\n", getuid(), _pattern, target);
+		syslog (LOG_WARNING, "%s", line);
+		closelog ();
+		free (line);
+	}
+#endif
 	memset(&whereto, 0, sizeof(struct sockaddr));
 	to = (struct sockaddr_in *)&whereto;
+
	to->sin_family = AF_INET;
	if (inet_aton(target, &to->sin_addr)) {
		hostname = target;

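Review bot: the malloc (1024) result in the logging block is handed to snprintf without a NULL check, and the buffer is not needed because syslog takes a format string itself: syslog (LOG_WARNING, "UID=%d used with pattern '%s' on host %s", (int) getuid(), _pattern, target); removes the malloc/free pair and the trailing \n. The condition 'options != (options&~F_PINGFILLED)' reads more plainly as 'options & F_PINGFILLED'. target comes straight from argv and is written to the log unfiltered, so control characters in it should be escaped or replaced before logging.
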
--- netkit-base-0.10-old/configure	Mon May 19 11:55:00 1997
+++ netkit-base-0.10/configure	Mon Nov  8 03:56:26 1999
@@ -28,6 +28,7 @@
     --daemonmode=mode     Mode for daemon binaries [same as binmode]
     --manmode=mode        Mode for manual pages [644]
     --suidmode=mode       Mode for setuid programs [4755]
+    --pattern-logging     Enable logging ping with pattern
 EOF
 	exit 0;;
 	--verbose) ;;
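
Review bot: the help line for --pattern-logging does not say where the records go or that the feature is off unless the flag is given; one more phrase such as "via syslog, off by default" would tell an administrator what to expect from the option.
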
@@ -42,6 +43,8 @@
 	--daemonmode=*) DAEMONMODE=`echo $1 | sed 's/--daemonmode=//'` ;;
 	--manmode=*) MANMODE=`echo $1 | sed 's/--manmode=//'` ;;
 	--suidmode=*) SUIDMODE=`echo $1 | sed 's/--suidmode=//'` ;;
+        --pattern-logging) PATTERN_LOG=1;;
+
 	*) echo "Unrecognized option: $1"; exit 1;;
 esac 
 shift
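
Review bot: the --pattern-logging case is indented with spaces where the neighbouring cases use a tab, and the patch adds an empty line between it and the catch-all '*)' case; match the surrounding indentation and drop the empty line.
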
@@ -505,6 +508,13 @@
   CFLAGS="${CFLAGS} -D__USE_BSD_SIGNAL"
 fi;fi
 
+
+########################################################################
+
+if [ "$PATTERN_LOG" = "1" ]; then
+	CFLAGS="${CFLAGS} -DLOG_PATTERN_USE"
+	echo "Added -DLOG_PATTERN_USE to CFLAGS..."
+fi
 
 ########################################################################
 
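
Review bot: the test '[ "$PATTERN_LOG" = "1" ]' relies on PATTERN_LOG being unset unless --pattern-logging was passed, and nothing in the hunks shown initialises it, so a PATTERN_LOG=1 inherited from the environment would add -DLOG_PATTERN_USE without the flag. Set PATTERN_LOG=0 before the option loop.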

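An added example, not part of the original post or of netkit: a triage script for the log records this patch emits, flagging patterns that spell the hangup string even when it only appears once the pattern repeats in the payload. It assumes the -p argument is a string of hex digits that ping repeats to fill the packet; the syslog prefix, host names and all sample lines are constructed.

```python
import re

# Message layout comes from the patch's snprintf() format string. The syslog
# prefix and every sample line below are constructed for this example.
LOG_RE = re.compile(r"ping\[(?P<pid>\d+)\]: UID=(?P<uid>\d+) used with pattern "
                    r"'(?P<pattern>[^']*)' on host (?P<host>\S+)")
NEEDLE = b"+++ATH0"
LOGGED_MAX = 16  # the patch copies at most 16 characters of the -p argument

SAMPLE_LOG = [
    "Nov  8 03:10:38 shell1 ping[4021]: UID=1001 used with pattern '2b2b2b415448300d' on host 192.0.2.10",
    "Nov  8 03:11:02 shell1 ping[4030]: UID=1002 used with pattern '415448300d2b2b2b' on host 192.0.2.11",
    "Nov  8 03:12:45 shell1 ping[4044]: UID=1003 used with pattern 'ff00ff00' on host 192.0.2.12",
    "Nov  8 03:13:09 shell1 ping[4051]: UID=1004 used with pattern '2b2b2b61746830' on host 192.0.2.13",
]


def decode_pattern(pattern):
    """Turn the logged hex string into payload bytes (assumes hex-digit -p input)."""
    if re.fullmatch(r"[0-9a-fA-F]+", pattern) is None:
        return None
    return bytes(int(pattern[i:i + 2], 16) for i in range(0, len(pattern), 2))


def carries_hangup(data):
    """ping repeats the pattern to fill the payload, so search across the wrap."""
    stream = data * (len(NEEDLE) // len(data) + 2)
    return NEEDLE in stream.upper()


def triage(lines):
    """Return one finding per log line whose pattern spells the hangup string."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue
        data = decode_pattern(m["pattern"])
        if data is not None and carries_hangup(data):
            findings.append({
                "pid": int(m["pid"]), "uid": int(m["uid"]), "host": m["host"],
                # A 16-character pattern may have been cut short by the patch.
                "maybe_truncated": len(m["pattern"]) >= LOGGED_MAX,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The second sample line only matches because the search runs over the repeated pattern, which a plain substring check on the logged value would miss.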