Vulnerability Development mailing list archives
Re: Help with Protos tool output interpretation
From: Eric Brandwine <ericb () UU NET>
Date: 22 Feb 2002 00:15:55 +0000
"rp" == Reidy, Patrick <Patrick.Reidy () veritect com> writes:
rp> Quick question for any protos users out there, all others can rp> ignore: Running the protus tool in the lab and watching the output rp> I don't see an easily understandable way to map the results to the rp> exact string that caused the given targeted device to go paws up. rp> Is it the case that any device that responds to a given string rp> when using the -showreply option is vulnerable to that given rp> string? This is only possible when working on a device for which your queries are valid. In this case, that means that 'public' is a valid query string, and your test box is within any of the device's ACLs. Run the testsuite -zerocase. This will send packet 0 between each attack packet. Packet 0 is a valid query packet, and will generate a valid response. The tool will wait for this response before sending the next attack packet. This is not possible if you are testing either or both of invalid community string/invalid IP addr. Also, this is not possible for trap testing. Furthermore, we found several devices that had no SNMP specific vulnerabilities. But some of the attack packets are quite large, and these devices would crash upon recieving one of these huge fragmented packets. ericb -- Eric Brandwine | A great many people think they are thinking when they UUNetwork Security | are merely rearranging their prejudices. ericb () uu net | +1 703 886 6038 | - William James Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E
Current thread:
- Help with Protos tool output interpretation Reidy, Patrick (Feb 21)
- Re: Help with Protos tool output interpretation Eric Brandwine (Feb 21)