From: Dom De Vitto (dom_at_DeVitto.com)
Date: Wed Nov 13 2002 - 07:19:55 CST

    I take it everyone has seen the latest advisory from ISC?

    Anyone got an idea exactly where the problem is, or got an exploit?

    ISC do say that an exploit isn't available, but it's been a few hours
    since then :-)

    Dom
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Dom De Vitto Tel. 07855 805 271
    http://www.devitto.com mailto:domdevitto.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


    -----Original Message-----
    From: Fyodor [mailto:fyodorinsecure.org]
    Sent: Monday, November 04, 2002 6:08 PM
    To: Frank Knobbe
    Cc: Michael Katz; vuln-devsecurityfocus.com; d_fencegmx.net
    Subject: Re: Firewall bypassing tool

    On Sun, Nov 03, 2002 at 05:02:49PM -0600, Frank Knobbe wrote:
    > On Fri, 2002-11-01 at 13:38, Michael Katz wrote:
    > > At 11/1/2002 03:28 AM, d_fence wrote:
    > >
    > > One of the options for scanning is -sF, which will send SYN-FIN
    > > packets. You can also use -sA, which will send SYN-ACK packets.
    >
    > I was about to post the same, but thought I'd validate first. To me it
    > seemed that nmap sends a packet with the FIN flag set. I did not see
    > the SYN flag set in addition to FIN, so nmap is not an answer to his
    > question.

    Nmap has an undocumented --scanflags option which allows you to specify
    arbitrary flags using the flag names or a number. Thus a SYN-FIN scan
    can be done as follows:

    felix~#nmap -sS --scanflags SYNFIN -O db

    Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )
    Interesting ports on db.yuma.net (192.168.0.4):
    (The 1601 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh
    111/tcp    open        sunrpc
    1024/tcp   open        kdm
    Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
    Uptime 58.471 days (since Fri Sep 6 23:45:12 2002)

    Nmap run completed -- 1 IP address (1 host up) scanned in 10.651 seconds

    Note that "-sS" causes this scan to use "SYN Scan" semantics (e.g.
    treating SYN|ACK responses as open ports). For FIN scan semantics
    (dropped packets signify open ports, RST for closed ones) just specify
    "-sF" instead.

    Cheers,
    Fyodor
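Fyodor's note above makes two technical points: --scanflags accepts either concatenated flag names or a number, and the way a reply is interpreted depends on whether -sS or -sF semantics are in force. The Python below is an added example written for this archive page; it is not code from the thread, from nmap, or from ISC. It decodes a --scanflags-style argument into the TCP flag byte, reads the flag byte back out of a constructed raw TCP header (the same byte a firewall or IDS has to inspect to notice a SYN-FIN probe, since a rule that only matches "SYN without ACK" will not see it), labels flag combinations a conforming stack never sends on its own, and applies the reply semantics described above. Every function name and the sample headers are assumptions made for the example; nothing is sent on the wire.

```python
import struct

# TCP flag bits (RFC 793 plus the two ECN bits); the names are the ones
# nmap's --scanflags accepts.
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}
FIN, SYN, RST, PSH, ACK, URG = (TCP_FLAGS[n] for n in ("FIN", "SYN", "RST", "PSH", "ACK", "URG"))


def scanflags_to_bits(spec):
    """Turn a --scanflags-style argument into a flag byte.

    Accepts a run of flag names ("SYNFIN", "FINPSHURG") or a number
    ("3", "0x03"), mirroring the two forms Fyodor describes.
    """
    spec = spec.strip()
    try:
        return int(spec, 0) & 0xFF
    except ValueError:
        pass
    bits, rest = 0, spec.upper()
    while rest:
        for name, bit in TCP_FLAGS.items():
            if rest.startswith(name):
                bits |= bit
                rest = rest[len(name):]
                break
        else:
            raise ValueError(f"unknown flag token in {spec!r}: {rest!r}")
    return bits


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Constructed 20-byte TCP header for the example (checksum left zero)."""
    data_offset = 5 << 4          # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def flags_from_tcp_header(header):
    """Read the flag byte from a raw TCP header (byte 13 of the header)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def flag_names(bits):
    """Human-readable names for a flag byte, in bit order."""
    return [name for name, bit in TCP_FLAGS.items() if bits & bit]


def classify_probe(bits):
    """Label flag combinations a conforming TCP stack never emits on its own.

    These are what an IDS/firewall rule has to match explicitly; a plain
    "SYN without ACK" rule does not fire on a SYN+FIN probe.
    """
    if bits & (SYN | FIN) == SYN | FIN:
        return "anomalous: SYN+FIN"
    if bits & ~(TCP_FLAGS["ECE"] | TCP_FLAGS["CWR"]) == 0:
        return "anomalous: NULL (no flags)"
    if bits & (FIN | PSH | URG) == FIN | PSH | URG:
        return "anomalous: XMAS (FIN+PSH+URG)"
    return "normal"


def infer_port_state(scan_type, response_bits):
    """Apply the reply semantics Fyodor describes for -sS and -sF.

    response_bits is the flag byte of the reply, or None if nothing came back.
    """
    if scan_type == "-sS":
        if response_bits is not None and response_bits & (SYN | ACK) == SYN | ACK:
            return "open"
        if response_bits is not None and response_bits & RST:
            return "closed"
        return "filtered"          # no reply (or an ICMP error) under SYN scan
    if scan_type == "-sF":
        if response_bits is not None and response_bits & RST:
            return "closed"
        # Dropped probe = open in the semantics quoted above; current nmap
        # reports this as open|filtered because a filter drops it the same way.
        return "open"
    raise ValueError(f"unsupported scan type {scan_type!r}")


if __name__ == "__main__":
    probe_bits = scanflags_to_bits("SYNFIN")
    probe = build_tcp_header(40000, 22, probe_bits)          # constructed sample
    seen = flags_from_tcp_header(probe)
    print("probe flags:", flag_names(seen), "->", classify_probe(seen))
    reply = build_tcp_header(22, 40000, SYN | ACK, seq=1, ack=1)
    print("port 22 under -sS:", infer_port_state("-sS", flags_from_tcp_header(reply)))
    print("port 22 under -sF, no reply:", infer_port_state("-sF", None))
```

On the detection side, classify_probe is the piece worth keeping: it works from the flag byte alone, so it catches a SYN-FIN probe whether it was produced by --scanflags, a number such as 0x03, or any other tool, and it does not depend on the scan-type semantics the sender chose.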