[Dailydave] DNS and other fun.

From: Dave Aitel (daveimmunityinc.com)
Date: Tue Jul 29 2008 - 15:59:51 CDT


If you're mucking with Marc Bevand's exploit in order to do some speed
comparisons you may want to fix this line:
(sizeof(buf) is 4 since buf is a pointer, of course).

    dns_response(buf + IP_HDR_LEN + UDP_HDR_LEN,
        (unsigned)(IP_LEN_MAX - (IP_HDR_LEN + UDP_HDR_LEN)), <--fixed.

We're not using Scapy here, but in Python (and Ruby, I assume?) you
don't want to do your creation of packets alongside your sending of
packets. You probably want to do something like this:

buffers=create_all_data_buffers()
for buffer in buffers:
    raw_sock_send(buffer)

I'm not sure how having tcpreplay helps since all your packets are
different (via TXID incrementing, which of course means you have to do
your UDP checksum over). Is packet-loss the big problem you're seeing?
Importing psyco should make your Python code faster as well, although
still REALLY slow compared to C (so far in my testing). People say that
the public exploits don't work with Bind9 (even unpatched). Go Vixie and
Co! :>

And in Vegas news:
It is true, hackers do get the girls. Just like in the movies. Even more
so really, now that the economy is crappier so being able to afford your
house payment is uber-sexy...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Immunity is bringing the test, Edgeos <http://www.edgeos.com/> is
bringing the Sexy Hacking girls <http://sexyhacking.com>. Rumor has it
that certified NOP's might receive invitations to the exclusive and
still-secret Sexy Hacking party at Defcon. More details soon!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

-dave

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
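
The sizeof(buf) point from the message, isolated in C as an added example (not code from the post or from the exploit it mentions): a capacity taken from sizeof on a pointer is the pointer size, while the corrected expression gives the room left after the headers. The constant values and the helpers write_payload, cap_from_sizeof, cap_after_headers and build are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed values: the post names these constants but does not give them. */
#define IP_HDR_LEN  20u    /* IPv4 header without options */
#define UDP_HDR_LEN 8u
#define IP_LEN_MAX  1500u  /* assumption for this example */

/* Hypothetical bounded writer: copies src only if it fits in cap bytes. */
static int write_payload(unsigned char *dst, size_t cap,
                         const unsigned char *src, size_t len)
{
    if (len > cap)
        return -1;
    memcpy(dst, src, len);
    return (int)len;
}

/* Buggy pattern: buf is a pointer, so sizeof(buf) is the pointer size. */
size_t cap_from_sizeof(unsigned char *buf)
{
    (void)buf;
    return sizeof(buf);
}

/* Fixed pattern from the post: room left after the IP and UDP headers. */
size_t cap_after_headers(void)
{
    return (size_t)(IP_LEN_MAX - (IP_HDR_LEN + UDP_HDR_LEN));
}

/* Writes payload_len bytes after the headers; returns bytes written or -1. */
int build(int use_fixed, size_t payload_len)
{
    static unsigned char pkt[IP_LEN_MAX];
    static unsigned char payload[IP_LEN_MAX]; /* constructed, all zero */
    unsigned char *buf = pkt; /* as in the post, buf is a pointer */
    size_t cap = use_fixed ? cap_after_headers() : cap_from_sizeof(buf);
    if (payload_len > sizeof(payload))
        return -1;
    return write_payload(buf + IP_HDR_LEN + UDP_HDR_LEN, cap, payload, payload_len);
}

int main(void)
{
    printf("64-byte payload: buggy=%d fixed=%d\n", build(0, 64), build(1, 64));
    return 0;
}
```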