North American Network Operators Group


Re: OPS: SECURITY new packet of death

  • From: blast
  • Date: Fri Nov 21 13:55:17 1997

On Fri, 21 Nov 1997, Karl Denninger wrote:

> On Fri, Nov 21, 1997 at 09:41:33AM -0600, Charley Kline wrote:
> > > land.c is this program
> > I tried it against a 7505 running 11.2(9)P and a 2511 running 11.2(7a),
> > with no obvious bad effects. The announcement does not indicate which
> > IOS versions are vulnerable; I'd love to know.
> > 
> > Charley Kline                                   [email protected]
> > UIUC Network Architect n stuff
> Where do we get a copy of that to try out?
> 
> I want to "challenge" some of our machines and routers.

Here are the results of my humble IOS testing of the land.c
denial of service 'sploit code.
-blast

IOS 11.2(9) on a 25xx

tcp0: I LISTEN 10.10.51.80:23 10.10.51.80:23 seq 3868
        SYN  WIN 2048
tcp0: O LISTEN 10.10.51.80:23 10.10.51.80:23 seq 3988480078
        OPTS 4 ACK 3869 SYN  WIN 4288
tcp0: I SYNRCVD 10.10.51.80:23 10.10.51.80:23 seq 3988480078
        OPTS 4 ACK 3869 SYN  WIN 4288
tcp0: O SYNRCVD 10.10.51.80:23 10.10.51.80:23 seq 3869
        RST  WIN 4288
tcp0: I SYNRCVD 10.10.51.80:23 10.10.51.80:23 seq 3869
        RST  WIN 4288

----------------------

IOS 11.1(12) on a 25xx
IOS 11.0(17) on 1005 

The interesting thing about this test was that it would
freeze for a little while (until the socket timed out), then
I was able to telnet to the vty again.  The router had to 
RST me close before it did another TCP handshake for
the vty. It seems to have no problems forwarding L3 traffic
but my testing was not very complete.  I was only looking
for KABOOM's.

tcp0: I LISTEN 10.10.51.16:23 10.10.51.16:23 seq 3868
        SYN  WIN 2048
tcp0: O LISTEN 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: O SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: W SYNRCVD 10.10.51.16:23 10.10.51.16:23 estabBLOCK
tcp0: R SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: O SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: R SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: O SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: R SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3655988093
        OPTS 4 ACK 3869 SYN  WIN 2144
tcp0: O SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: I SYNRCVD 10.10.51.16:23 10.10.51.16:23 seq 3869
        RST  WIN 2144
tcp0: T CLOSED 10.10.51.16:23 10.10.51.16:23 early close

----------------------------------------------------------
IOS 10.3(10) on a 25xx goes KABOOM 
IOS 10.2(latest) on 4000 goes KABOOM

It appears that 11.2 is your best bet and if you are pre-11
you got big problems.
-blast
   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   \    Tim Keanini    |         "The limits of my language,            /
   /                   |         are the limits of my world."           \
   \ [email protected]  |         --Ludwig Wittgenstein                  /
   \                   +================================================/
   |Key fingerprint =  7B 68 88 41 A8 74 AB EC  F0 37 98 4C 37 F7 40 D6 |
   /    PUB KEY: http://www-swiss.ai.mit.edu/~bal/pks-commands.html     \
   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
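
Every trace in the post starts with an inbound SYN whose two endpoints are the same address and port, after which the router answers itself. As an added example (not part of the original post), this Python parser reads debug output in that layout and flags inbound bare SYNs with identical endpoints; the line layout is assumed from the traces shown, and the 192.0.2.7 event in the sample is constructed.

```python
import re

# Constructed sample: the first four lines and the last are copied from the
# debug output in the post; the 192.0.2.7 event is a made-up ordinary SYN.
SAMPLE = """\
tcp0: I LISTEN 10.10.51.80:23 10.10.51.80:23 seq 3868
        SYN  WIN 2048
tcp0: O LISTEN 10.10.51.80:23 10.10.51.80:23 seq 3988480078
        OPTS 4 ACK 3869 SYN  WIN 4288
tcp0: I LISTEN 10.10.51.80:23 192.0.2.7:40112 seq 1000
        SYN  WIN 4096
tcp0: T CLOSED 10.10.51.16:23 10.10.51.16:23 early close
"""

# Layout assumed from the post: "tcp0: <dir> <state> <ip:port> <ip:port> <rest>",
# with the TCP flags on an indented continuation line.
HEAD = re.compile(r"^tcp\d+: (\w) (\w+) (\d+\.\d+\.\d+\.\d+):(\d+) "
                  r"(\d+\.\d+\.\d+\.\d+):(\d+)\s*(.*)$")
FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

def parse_events(text):
    """Join each header line with its indented continuation into one event."""
    events = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            d, state, ip1, p1, ip2, p2, rest = m.groups()
            events.append({"dir": d, "state": state, "a": (ip1, int(p1)),
                           "b": (ip2, int(p2)), "flags": set(), "rest": rest})
        elif line[:1].isspace() and events:
            # Continuation line: keep only the tokens that are TCP flag names.
            events[-1]["flags"] |= FLAGS & set(line.split())
    return events

def land_signatures(events):
    """Inbound bare SYNs whose two endpoints are identical (same IP and port)."""
    return [e for e in events
            if e["dir"] == "I" and e["a"] == e["b"]
            and "SYN" in e["flags"] and "ACK" not in e["flags"]]

if __name__ == "__main__":
    for e in land_signatures(parse_events(SAMPLE)):
        print("land-style SYN seen for %s:%d in state %s" % (*e["a"], e["state"]))
```

The self-addressed SYN-ACK that follows in the traces is excluded on purpose, so each trigger packet is reported once.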