The Ethical Hacker Network - UDP Constant IP Identification Field Fingerprinting Vulnerability

EH-Net > Ethical Hacking Discussions and Related Certifications > Malware (Moderator: don) > UDP Constant IP Identification Field Fingerprinting Vulnerability

Pages: [1] Go Down

« previous next »

	Author	Topic: UDP Constant IP Identification Field Fingerprinting Vulnerability (Read 6659 times)
0 Members and 1 Guest are viewing this topic.

laurah

Newbie

Offline

Posts: 6

UDP Constant IP Identification Field Fingerprinting Vulnerability

« on: March 23, 2012, 05:37:38 AM »

Hi all,

Can someone help me to check if these vulnerabilities exist on various hosts? basically the IP_ID=0 and I need to construct a UDP packet to send while setting this ID to 0.

Does anyone have any ideas on how to do this? I have been looking at a few tools like hping/xprobe2 etc but I don't think they have what I'm looking for.

This is a Qualys result. Let me know if anyone has a clue about this

Thanks.


	Logged

ajohnson

Recruiters
Hero Member

Offline

Posts: 1060

aka dynamik

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

« Reply #1 on: March 23, 2012, 07:46:33 AM »

Scapy: http://www.secdev.org/projects/scapy/

Maybe PackETH if you prefer a GUI.
Linux: http://packeth.sourceforge.net/
Windows Port: http://eth.cyberine.com/


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

laurah

Newbie

Offline

Posts: 6

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

« Reply #2 on: March 23, 2012, 08:10:12 AM »

Thanks mate will try those now


	Logged

ajohnson

Recruiters
Hero Member

Offline

Posts: 1060

aka dynamik

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

« Reply #3 on: March 23, 2012, 08:18:48 AM »

I should have mentioned that you need to be familiar with Python in order to use Scapy. If you aren't, it looks like PackETH can generate the traffic you need.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

laurah

Newbie

Offline

Posts: 6

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

« Reply #4 on: March 23, 2012, 10:54:17 AM »

hi ya, that's fine, both look like good tools. Is there a way of setting the id header of the IP to 0?
I'm just looking to do this for the UDP packet involved.
Any help would be appreciated!


	Logged

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

« Reply #5 on: March 23, 2012, 02:10:51 PM »

There's no ID Header field in UDP packets:
http://www.trainsignal.com/blog/networking-basics-tcp-udp-tcpip-osi-models

There is however, such a field in IPv4:
http://en.wikipedia.org/wiki/IPv4#Header

What this means is, it doesn't matter if you use TCP or UDP to set the IP ID, but I do suggest without any offense intended, that you read up on TCP/IP basics.

NMAP checks the IP ID automatically for you btw and I strongly suggest you start using that if you don't and perhaps only use automated tools.


	Logged

I'm an InterN0T'er

laurah

Newbie

Offline

Posts: 6

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

« Reply #6 on: March 26, 2012, 03:07:04 PM »

No offence taken, although I've been reading about TCP/IP for years

Thanks for your advice, I use Nmap quite regularly.
Thanks alsot


	Logged

Pages: [1] Go Up

« previous next »

Jump to: