Penetration Testing mailing list archives
Re: A tool for crafting ESP packets
From: "samsi data" <samsidata () hotmail com>
Date: Mon, 26 Nov 2001 04:00:44 +0000
Actually nmap does send malformd AH/ESP datagrams (or packets, not sure what else you would call them). Well, sort of. Do a tcpdump while doing an nmap IP Protocol scan and you will see zero length AH/ESP (IP protocol 51/50) datagrams (as well as every other IP protocol between 0 and 255) being sent to the target with the goal of eliciting an ICMP IP Protocol unreachable.
There was vulnerability in OpenBSD's IPSEC implementation where you could crash the box with an Nmap IP Protocol scan that illustrates this issue. See http://securityfocus.com/bid/1723
- s d
Can you give me a URL to where it says NMAP crafts ESP packets, as I've readall through the documentation and man page. Also, AH isn't a "packet" it provides authentication mechanisms for IP datagrams and protection against replay attacks. RFC 2402: ftp://ftp.isi.edu/in-notes/rfc2402.txt Loki www.fatelabs.com On Saturday 24 November 2001 04:44 pm, Nelson Brito wrote:> I guess that the nmap BETA versions can send ESP, AH and a lot of anothers> protocol's packet. >> If you wanna do something differente, just like customize the packets, use> the power, read the code, LUKE. > > Sem mais, ----------------------------------------------------------------------------This list is provided by the SecurityFocus Security Intelligence Alert (SIA)Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
_________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- A tool for crafting ESP packets Loki (Nov 24)
- Re: A tool for crafting ESP packets Nelson Brito (Nov 24)
- Re: A tool for crafting ESP packets Loki (Nov 24)
- Re: A tool for crafting ESP packets Emre Yildirim (Nov 26)
- Re: A tool for crafting ESP packets Nelson Brito (Nov 26)
- Re: A tool for crafting ESP packets Loki (Nov 26)
- Re: A tool for crafting ESP packets Loki (Nov 24)
- Re: A tool for crafting ESP packets Nelson Brito (Nov 24)
- <Possible follow-ups>
- Re: A tool for crafting ESP packets samsi data (Nov 26)
- Re: A tool for crafting ESP packets Loki (Nov 26)
- RE: A tool for crafting ESP packets amok (Nov 28)
- RE: A tool for crafting ESP packets Jose Nazario (Nov 29)