[Plugins-writers] False positive in Racoon_cookie_malloc_dos.nasl?

From: Randy Chou (rchou@private)
Date: Fri Nov 12 2004 - 18:52:53 PST


Hi,
 
I had some comments regarding the plugin:
"racoon_cookie_malloc_dos.nasl"
 
 
The script as is does:
 
1. create udp
- send initiator packet
- recv responder packet
2. create udp
- send malicious packet
- recv malicious packet
3. repeat #1 w/ new UDP port and expect a packet
 
 
Note that #2 and #3 create a new source UDP port while the icookie is
still the same.  I don't believe the VPN server needs to reply in #3 to
the port recv'd in #3 as it has the same icookie as #1 until such
exchange times out (20-60 seconds later).
 
I would suggest changing the logic in #3 to:
 
- reuse udp port from #1 and expect a packet.
 
Here is the diff:
 
diff racoon_cookie_malloc_dos.nasl ../plugins_orig/racoon_cookie_malloc_dos.nasl
97,99c97,99
< soc2 = open_sock_udp(port);
< send(socket:soc2, data:req);
< r = recv(socket:soc2, length:1024);
---
> soc = open_sock_udp(port);
> send(socket:soc, data:req);
> r = recv(socket:soc, length:1024);
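Review bot: the new lines 97-99 (the `<` side, since the modified file is the first argument to diff) pass the result of open_sock_udp(port) straight to send() without checking it, and nothing visible closes soc2 once r has been read. Please add a validity check on soc2 and close it after the recv, so that the only socket still open for the final probe is the one from step 1. It would also be easier to apply if the diff were regenerated from the original file to the modified one, because as posted the direction is reversed.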
102c102
< # reuse the original port
---
> soc=open_sock_udp(port);
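Review bot: at line 102 the open_sock_udp(port) call is replaced by a comment only, so the final send/recv now depends on soc from step 1 still being open at that point, which the diff does not show. If the script closes soc after the first exchange, that close has to move to after the final recv; otherwise the last probe would get no reply, which is the same symptom as the false positive being reported. The comment could also say why the port is reused (the icookie is the same as in the first exchange).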

 
 
 
Regards,
 
 
--
Randy
 