Re: [Plugins-writers] False positive in Racoon_cookie_malloc_dos.nasl?

From: John Lampe (jwlampe@private)
Date: Sat Nov 13 2004 - 15:57:48 PST


Randy Chou wrote:

> Hi,
>  
> I had some comments regarding the plugin: "racoon_cookie_malloc_dos.nasl"
>  
>  
> The script as is does:
>  
> 1. create udp
> - send initiator packet
> - recv responder packet
> 2. create udp
> -  send malicious packet
> - recv malicious packet
> 3. repeat #1 w/ new UDP port and expect a packet
>  
>  
> Note that #2 and #3 create a new source UDP port while the icookie is 
> still the same.  I don't believe the VPN server needs to reply in #3 to 
> the port recv'd in #3 as it has the same icookie as #1 until such 
> exchange times out (20-60 seconds later).
>  
> I would suggest changing the logic in #3 to:
>  
> - reuse udp port from #1 and expect a packet.
>  
> Here is the diff:
>  
> diff racoon_cookie_malloc_dos.nasl 
> ../plugins_orig/racoon_cookie_malloc_dos.nasl
> 97,99c97,99
> < soc2 = open_sock_udp(port);
> < send(socket:soc2, data:req);
> < r = recv(socket:soc2, length:1024);
> ---
>>  soc = open_sock_udp(port);
>>  send(socket:soc, data:req);
>>  r = recv(socket:soc, length:1024);
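
Review bot: In the new lines 97-99 (the `<` side, since the modified file is the first argument to diff), soc2 is opened for the malformed packet but nothing in the visible lines closes it. Add close(soc2); after the recv so that the only socket still open for the final probe is soc from step 1. Regenerating the patch as a unified diff from the original file to the modified one would also make the direction of the change unambiguous to whoever commits it.
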
> 102c102
> < # reuse the original port
> ---
>>  soc=open_sock_udp(port);
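
Review bot: With the open_sock_udp(port) call at line 102 replaced by a comment, the final probe depends on soc from step 1 still being open at that point, which this hunk does not show. Check that no close(soc) runs between the first exchange and line 102, otherwise the send and recv that follow use a dead socket and the check again gets no reply. The comment would be clearer if it named the socket and the reason, for example that soc is kept because the icookie is unchanged and the server may only answer the source port of the first exchange.
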
>  
>  
>  
> Regards,
>  
>  
> --
> Randy
>  

Thanks Randy,
your changes are in CVS.

John

