RE: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover

Could we have an example of an hping command to invoke this. I have been playing with it and would like a real-world example, and since there a now multiple exploits out, this knowledge should not be a problem. Thanks.

Curt

Practice safe hex.

• Andrew Briney, editor Information Security

-----Original Message-----
From: Richard Johnson [mailto:rdump@river.com] Sent: Sunday, July 20, 2003 2:21 AM
To: incidents@securityfocus.com
Subject: Re: Cisco IOS Denial of Service that affects most Cisco IOS routers- requires power cycle to recover

In article
<Pine.BSO.4.53.0307172223150.11409@rhiannon.precision-guesswork.com>,  Tina Bird <tbird@precision-guesswork.com> wrote:

> information on the detailed structure of the evil packets in these
> protocols is not yet public AFAIK.

The router has problems if it receives a packet, content irrelevant, that makes it to supervisor level claiming an IP protocol that it doesn't have code to handle.

The kickup to supervisor level happens when the packet is targeted directly at the router's IP address (per first Cisco advisory) or just has its TTL expire in transit past the router (per revised Cisco advisory).

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Send enough packets (default 75), and the input queue is full. hping is enough of a launch platform for that--there's no need for questionable-source exploit binaries when testing.

Richard

--
My mailbox. My property. My personal space. My rules. Deal with it.
                        
http://www.river.com/users/share/cluetrain/

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training
sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's
to
"underground" security specialists.  See for yourself what the buzz is
about!
Early-bird registration ends July 3.  This event will sell out.
www.blackhat.com
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------