I meant to say it does NOT generate the correct type of packets below in the last email I sent.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of amilabs
Sent: Thursday, July 24, 2003 9:57 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Win32 Cisco Exploit

According to protocol trace file analysis it does generate the correct types of packets to cause the exploit. Both the gui and the cmd line send the packets out with ttl 128 and with 0 as the next protocol in the IP header. This is what the app spits out. I did not test against a router just took a quick peek with a protocol analyzer and it does not look like it will work based on the packet trace. Can someone tell me otherwise?

------------ ETHER Header ------------
Destination: 00-03-A3-43-78-6B
Source: This Network Analyzer (00-04-55-2D-F8-A7)
Protocol: IP
FCS: E67BCBFA

------------ IP Header ------------
Version = 4
Header length = 20
Differentiated Services (DS) Field = 0x00
0000 00.. DS Codepoint = Default PHB (0)
.... ..00 Unused
Packet length = 40
Id = 1ed4
Fragmentation Info = 0x0000
.0.. .... .... .... Don't Fragment Bit = FALSE
..0. .... .... .... More Fragments Bit = FALSE
...0 0000 0000 0000 Fragment offset = 0
Time to live = 128
Protocol = 0 (0)
Header checksum = 04EB (Verified 04EB)
Source address = 10.1.1.28
Destination address = 10.1.1.250
20 bytes of data

Record #22 (From Node To Hub) Captured on 7/24/2003 at 09:50:56.437327771 Length = 64

Frame Data: (Length = 64)
0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk.. U]....E.
16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(...... ........
32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1 @..7.v..
48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........ .....{..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 5:18 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Win32 Cisco Exploit

Attached is a win32 version of the Cisco Exploit with a nice GUI.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
