Randy Chou wrote:
> Hi,
>
> I had some comments regarding the plugin: "racoon_cookie_malloc_dos.nasl"
>
>
> The script as is does:
>
> 1. create udp
>    - send initiator packet
>    - recv responder packet
> 2. create udp
>    - send malicious packet
>    - recv malicious packet
> 3. repeat #1 w/ new UDP port and expect a packet
>
>
> Note that #2 and #3 create a new source UDP port while the icookie is
> still the same. I don't believe the VPN server needs to reply in #3 to
> the port recv'd in #3 as it has the same icookie as #1 until such
> exchange times out (20-60 seconds later).
>
> I would suggest changing the logic in #3 to:
>
> - reuse udp port from #1 and expect a packet.
>
> Here is the diff:
>
> diff racoon_cookie_malloc_dos.nasl
> ../plugins_orig/racoon_cookie_malloc_dos.nasl
> 97,99c97,99
> < soc2 = open_sock_udp(port);
> < send(socket:soc2, data:req);
> < r = recv(socket:soc2, length:1024);
> ---
>> soc = open_sock_udp(port);
>> send(socket:soc, data:req);
>> r = recv(socket:soc, length:1024);
> 102c102
> < # reuse the original port
> ---
>> soc=open_sock_udp(port);
>
>
>
> Regards,
>
>
> --
> Randy
>

Thanks Randy, your changes are in CVS.

John
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
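Review bot: the diff is taken with the modified file first and ../plugins_orig second, so the `<` lines are the proposed code and the `>` lines are the original; regenerating it as original-then-modified (ideally in unified format with context) would let it apply without reversal. At 102c102 the modified side carries only the comment `# reuse the original port` in place of `soc=open_sock_udp(port);`, so step 3 depends on `soc` from step 1 still being open at that point, and nothing in the visible lines closes `soc2` after the recv at 97-99; both are worth confirming against the full script.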
This archive was generated by hypermail 2.1.3 : Mon Nov 15 2004 - 05:17:35 PST