RE: Needed Help!

[Francisco Rodrigo Cortiñas <frcmsec () terra es>]

The key is not in making the packet, and make the PC send it; what do
you know about the target? You have to know (I think) that Microsoft
closed the bug without the need of a patch, so making the ping of death
is not the way to crash the NT. You have to gather info about your
target to crash it; it’s the first rule of any type of attack.

You have to think about the possibility of making an attack to the
target  though the ICMP protocol, in some of the ports of it (echo
request, echo reply, etc). I don’t know the exact text of your
laboratory question, so I cant tell you if this is what they are asking
you to do.

NOTE:: To make the PC send the packet, you have to modify the Windows. I
don’t tell you more, you said to us you was learning... go and discover
it by yourself.

NOTE2:: To ensure you are sending the packet, put an sniffer on the NT
and see the packets you are sending.

Francisco Rodrigo Cortiñas.
CCNP, MCSE, MCDBA.

-----Mensaje original-----
De: Junaid [mailto:junaid () de21comp net] 
Enviado el: martes, 09 de marzo de 2004 19:55
Para: security-basics () securityfocus com
Asunto: Needed Help!

HELO

Thanks for you response for my question. although it still haven't
solved my
problem. but I am still trying. a few things I would like to say about
the
suggestions received;

windows (98&2K) cannot send ping packet > 65500 bytes (using ping -l
size
...) . surprising win95 was able to send max of 65520. anyway I want it
to
send a packet >= 65535 in size. I got the code for ping of death from
insecure.org, compiled it under linux, it ran but it was ineffective in
crashing the machine.

about my assignment/project; I am trying to learn and do penetration
testing, and my first sub-task (not submittable) was to crash an NT box
by
sending an ICMP packet size > 65535.


Junaid




------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------