Re: A tool for crafting ESP packets

From: samsi data (samsidataat_private)
Date: Sun Nov 25 2001 - 20:00:44 PST

Next message: Habulin, Daniel G: "Router Specific/focused Vuln Scanner"

Previous message: Loki: "Re: A tool for crafting ESP packets"
Maybe in reply to: Loki: "A tool for crafting ESP packets"
Next in thread: Loki: "Re: A tool for crafting ESP packets"
Reply: Loki: "Re: A tool for crafting ESP packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Actually nmap does send malformd AH/ESP datagrams (or packets, not sure what 
else you would call them). Well, sort of. Do a tcpdump while doing an nmap 
IP Protocol scan and you will see zero length AH/ESP (IP protocol 51/50) 
datagrams (as well as every other IP protocol between 0 and 255) being sent 
to the target with the goal of eliciting an ICMP IP Protocol unreachable.

There was vulnerability in OpenBSD's IPSEC implementation where you could 
crash the box with an Nmap IP Protocol scan that illustrates this issue. See 
http://securityfocus.com/bid/1723

- s d


>
>Can you give me a URL to where it says NMAP crafts ESP packets, as I've 
>read
>all through the documentation and man page. Also, AH isn't a "packet" it
>provides authentication mechanisms for IP datagrams and protection against
>replay attacks.
>
>RFC 2402:
>ftp://ftp.isi.edu/in-notes/rfc2402.txt
>
>Loki
>www.fatelabs.com
>
>
>
>
>On Saturday 24 November 2001 04:44 pm, Nelson Brito wrote:
> > I guess that the nmap BETA versions can send ESP, AH and a lot of 
>anothers
> > protocol's packet.
> >
> > If you wanna do something differente,  just like customize the packets, 
>use
> > the power, read the code, LUKE.
> >
> > Sem mais,
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert 
>(SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Habulin, Daniel G: "Router Specific/focused Vuln Scanner"
Previous message: Loki: "Re: A tool for crafting ESP packets"
Maybe in reply to: Loki: "A tool for crafting ESP packets"
Next in thread: Loki: "Re: A tool for crafting ESP packets"
Reply: Loki: "Re: A tool for crafting ESP packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 11:45:19 PST