Re: [Plugins-writers] False positive in Racoon_cookie_malloc_dos.nasl?

From: John Lampe (jwlampe@private)
Date: Sat Nov 13 2004 - 16:44:08 PST


Thanks Randy,
your changes have been committed after testing.

John

> Randy Chou wrote:
> 
>> Hi,
>>  
>> I had some comments regarding the plugin: "racoon_cookie_malloc_dos.nasl"
>>  
>>  
>> The script as is does:
>>  
>> 1. create udp
>> - send initiator packet
>> - recv responder packet
>> 2. create udp
>> -  send malicious packet
>> - recv malicious packet
>> 3. repeat #1 w/ new UDP port and expect a packet
>>  
>>  
>> Note that #2 and #3 create a new source UDP port while the icookie is 
>> still the same.  I don't believe the VPN server needs to reply in #3 
>> to the port recv'd in #3 as it has the same icookie as #1 until such 
>> exchange times out (20-60 seconds later).
>>  
>> I would suggest changing the logic in #3 to:
>>  
>> - reuse udp port from #1 and expect a packet.
>>  
>> Here is the diff:
>>  
>> diff racoon_cookie_malloc_dos.nasl 
>> ../plugins_orig/racoon_cookie_malloc_dos.nasl
>> 97,99c97,99
>> < soc2 = open_sock_udp(port);
>> < send(socket:soc2, data:req);
>> < r = recv(socket:soc2, length:1024);
>> ---
>>
>>>  soc = open_sock_udp(port);
>>>  send(socket:soc, data:req);
>>>  r = recv(socket:soc, length:1024);
>>
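Review bot: the diff was generated with the modified file first and ../plugins_orig second, so in this 97,99 change the `<` lines using soc2 are the proposed code and the `>` lines using soc are what is being replaced; it will only apply with patch -R. Regenerating it as a unified diff from the original to the modified file would remove that ambiguity for whoever commits it. Separately, soc2 is opened here for the malicious packet and nothing in the visible lines closes it, so a close(soc2) after the recv would keep the extra socket from lingering for the rest of the script.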
>> 102c102
>> < # reuse the original port
>> ---
>>
>>>  soc=open_sock_udp(port);
>>
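Review bot: at line 102 the proposed side (the `<` line, since the diff lists the modified file first) drops `soc=open_sock_udp(port);` and leaves only the comment `# reuse the original port`, so the final check now depends on soc from step #1 still being open at that point. That is not visible in this diff; if the script closes soc after the first exchange, the last send and recv would fail and the result would be misreported. It is worth confirming that, and expanding the comment to say why the port is reused (the icookie is unchanged, so the server may answer to the port from the first exchange), so a later edit does not reintroduce the new socket.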
>>  
>>  
>>  
>> Regards,
>>  
>>  
>> -- 
>> Randy
>>  
> 
> 


