
BIND Exploits

From: Dom De Vitto <dom(at)DeVitto.com>
Date: Wed Nov 13 2002 - 08:19:55 EST


I take it everyone has seen the latest advisory from ISC?

Anyone got an idea exactly where the problem is, or got an exploit?

ISC do say that an exploit isn't available, but it's been a few hours since then :-)

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom(at)devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  

-----Original Message-----
From: Fyodor [mailto:fyodor@insecure.org]
Sent: Monday, November 04, 2002 6:08 PM
To: Frank Knobbe
Cc: Michael Katz; vuln-dev@securityfocus.com; d_fence@gmx.net
Subject: Re: Firewall bypassing tool

On Sun, Nov 03, 2002 at 05:02:49PM -0600, Frank Knobbe wrote:
> On Fri, 2002-11-01 at 13:38, Michael Katz wrote:
> > At 11/1/2002 03:28 AM, d_fence wrote:
> >
> > One of the options for scanning is -sF, which will send SYN-FIN
> > packets. You can also use -sA, which will send SYN-ACK packets.
>
> I was about to post the same, but thought I validate first. To me it
> seemed that nmap sends a packet with the FIN flag set. I did not see
> the SYN flag set in addition to FIN, so nmap is not an answer to his
> question.

Nmap has an undocumented --scanflags option which allows you to specify arbitrary flags using the flag names or a number. Thus a SYN-FIN scan can be done as follows:

felix~#nmap -sS --scanflags SYNFIN -O db


Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )
Interesting ports on db.yuma.net (192.168.0.4):
(The 1601 ports scanned but not shown below are in state: closed)

Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1024/tcp   open        kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 58.471 days (since Fri Sep 6 23:45:12 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 10.651 seconds

Note that "-sS" causes this scan to use "SYN Scan" semantics (e.g. treating SYN|ACK responses as open ports). For FIN scan semantics (dropped packets signify open ports, RST for closed ones) just specify "-sF" instead.

Cheers,
Fyodor

Received on Wed Nov 13 11:54:10 2002
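The --scanflags mechanics Fyodor describes above, as an added example that is not part of the original thread and not nmap's own code: a parser that turns a mashed-together spec such as SYNFIN (or a numeric value) into a TCP flags byte, a minimal TCP header carrying those flags, and a classifier that reads the same reply under -sS semantics (SYN|ACK means open) versus -sF semantics (no reply means open, RST means closed). The target stack model (rfc793_reply), the port numbers and the listening set are constructed assumptions modelled on the db.yuma.net output, not a capture.

```python
"""Added example, not code from the original thread or from nmap: how a
--scanflags-style spec becomes a TCP flags byte, and how the same reply is
read under SYN-scan (-sS) versus FIN-scan (-sF) semantics.  The target model
below follows RFC 793 (the behaviour the quoted Linux 2.4 box shows); it is
an assumption for illustration, not a packet capture."""
import struct

# Flag bits in the TCP header's flags byte (RFC 793 order, low bit first).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
FIN, SYN, RST, ACK = (TCP_FLAGS[n] for n in ("FIN", "SYN", "RST", "ACK"))


def parse_scanflags(spec):
    """'SYNFIN', 'FINSYN' or a number such as '9' -> flags byte.
    Symbolic names may be mashed together in any order, as --scanflags allows."""
    spec = spec.strip().upper()
    if spec.isdigit():
        value = int(spec)
        if not 0 <= value <= 0xFF:
            raise ValueError("flag value out of range: %d" % value)
        return value
    flags = 0
    while spec:
        for name, bit in TCP_FLAGS.items():
            if spec.startswith(name):
                flags |= bit
                spec = spec[len(name):]
                break
        else:
            raise ValueError("unknown flag name in %r" % spec)
    return flags


def flags_to_names(flags):
    return "|".join(n for n, b in TCP_FLAGS.items() if flags & b) or "none"


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Minimal 20-byte TCP header carrying the chosen flags.  The checksum is
    left zero; a real probe fills it in over the IP pseudo-header."""
    offset_flags = (5 << 12) | (flags & 0x3F)   # data offset 5 words + 6 flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def flags_of(header):
    """Read the six classic flag bits back out of a 20-byte TCP header."""
    return struct.unpack("!HHIIHHHH", header)[4] & 0x3F


def rfc793_reply(listening, probe_flags):
    """Reply flags an RFC 793 stack sends, or None if it drops the probe.
    Assumed model: SYN (even with FIN also set) at a listening port gets
    SYN|ACK, which is why the SYNFIN probe above still found ports open; FIN
    alone at a listening port is dropped; anything at a closed port gets RST."""
    if probe_flags & RST:
        return None                      # RSTs are never answered
    if not listening:
        return RST | ACK if not (probe_flags & ACK) else RST
    if probe_flags & ACK:
        return RST                       # unsolicited ACK to an open port
    if probe_flags & SYN:
        return SYN | ACK
    return None                          # FIN/NULL/Xmas probe: silently dropped


def classify(mode, reply_flags):
    """Port state under -sS or -sF rules for a reply (None = nothing came back)."""
    if mode == "-sS":
        if reply_flags is None:
            return "filtered"
        if reply_flags & SYN and reply_flags & ACK:
            return "open"
        if reply_flags & RST:
            return "closed"
        return "unknown"
    if mode == "-sF":
        if reply_flags is None:
            # The post above calls this "open"; later nmap versions label it open|filtered.
            return "open|filtered"
        if reply_flags & RST:
            return "closed"
        return "unknown"
    raise ValueError("unsupported scan mode %r" % mode)


def simulate_scan(mode, scanflags, ports, listening):
    """Craft one probe per port, feed it to the model stack, classify the reply."""
    probe = parse_scanflags(scanflags)
    results = {}
    for port in ports:
        header = build_tcp_header(40000, port, probe)
        reply = rfc793_reply(port in listening, flags_of(header))
        results[port] = classify(mode, reply)
    return results


if __name__ == "__main__":
    # Constructed port set modelled on the db.yuma.net output quoted above.
    open_ports = {22, 111, 1024}
    for mode, spec in (("-sS", "SYNFIN"), ("-sF", "FIN"), ("-sS", "FIN")):
        print(mode, flags_to_names(parse_scanflags(spec)),
              simulate_scan(mode, spec, [22, 80, 111, 1024], open_ports))
```

The third run in the main block shows the point of Fyodor's closing note: a FIN-only probe against an RFC 793 stack is dropped at open ports, so under -sS semantics those ports read as "filtered", and only -sF semantics turns the silence into an open verdict.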

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

