-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Try changing TTL, we used a value of 0 and it kill Cisco. On Thu, 24 Jul 2003 09:43:39 -0700 "Joel R. Helgeson" <[EMAIL PROTECTED]> wrote: >I just tested it against one of my test cisco routers. >nuthin happened. > >"Give a man fire, and he'll be warm for a day; set a man on fire, > and he'll >be warm for the rest of his life." >----- Original Message ----- >From: "amilabs" <[EMAIL PROTECTED]> >To: "'amilabs'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; ><[EMAIL PROTECTED]> >Sent: Thursday, July 24, 2003 9:36 AM >Subject: RE: [Full-Disclosure] Win32 Cisco Exploit > > >> I meant to say it does NOT generate the correct type of packets >below in >> the last email I sent >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of amilabs >> Sent: Thursday, July 24, 2003 9:57 AM >> To: [EMAIL PROTECTED]; [EMAIL PROTECTED] >> Subject: RE: [Full-Disclosure] Win32 Cisco Exploit >> >> >> According to protocol trace file analysis it does generate the >correct >> types of packets to cause the exploit. Both the gui and the cmd >line >> send the packets out with ttl 128 and with 0 as the next protocol >in the >> IP header. This is what the app spits out. I did not test against >a >> router just took a quick peek with a protocol analyzer and it >does not >> look like it will work based on the packet trace. Can someone >tell me >> otherwise? >> >> ------------ ETHER Header ------------ >> Destination: 00-03-A3-43-78-6B >> Source: This Network Analyzer (00-04-55-2D-F8-A7) >> Protocol: IP >> FCS: E67BCBFA >> >> ------------ IP Header ------------ >> Version = 4 >> Header length = 20 >> Differentiated Services (DS) Field = 0x00 >> 0000 00.. DS Codepoint = Default PHB (0) >> .... ..00 Unused >> Packet length = 40 >> Id = 1ed4 >> Fragmentation Info = 0x0000 >> .0.. .... .... .... Don't Fragment Bit = FALSE >> ..0. .... .... .... More Fragments Bit = FALSE >> ...0 0000 0000 0000 Fragment offset = 0 >> Time to live = 128 >> Protocol = 0 (0) >> Header checksum = 04EB (Verified 04EB) >> Source address = 10.1.1.28 >> Destination address = 10.1.1.250 >> 20 bytes of data >> >> Record #22 (From Node To Hub) Captured on 7/24/2003 at >> 09:50:56.437327771 Length = 64 >> >> Frame Data: (Length = 64) >> 0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk.. >> U]....E. >> 16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(...... >> ........ >> 32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1 >> @..7.v.. >> 48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........ >> .....{.. >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of >> [EMAIL PROTECTED] >> Sent: Wednesday, July 23, 2003 5:18 PM >> To: [EMAIL PROTECTED] >> Subject: [Full-Disclosure] Win32 Cisco Exploit >> >> >> Attached is a win32 version of the Cisco Exploit with a nice GUI. >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> >> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj8gFxcACgkQsJfNyoeLaF7VEgCfZNrQEjfJZ5yub1ouPEou0k47/4EA nilCXsIOvTBSe6RNNu3IvG3tk+RT =dFRS -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
