.

UDP Constant IP Identification Field Fingerprinting Vulnerability

<<

laurah

Newbie
Newbie

Posts: 6

Joined: Sun Jan 16, 2011 9:38 am

Post Fri Mar 23, 2012 5:37 am

UDP Constant IP Identification Field Fingerprinting Vulnerability

Hi all,

Can someone help me to check if these vulnerabilities exist on various hosts? basically the IP_ID=0 and I need to construct a UDP packet to send while setting this ID to 0.

Does anyone have any ideas on how to do this? I have been looking at a few tools like hping/xprobe2 etc but I don't think they have what I'm looking for.

This is a Qualys result. Let me know if anyone has a clue about this :)
Thanks.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Mar 23, 2012 7:46 am

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

Scapy: http://www.secdev.org/projects/scapy/

Maybe PackETH if you prefer a GUI.
Linux: http://packeth.sourceforge.net/
Windows Port: http://eth.cyberine.com/
The day you stop learning is the day you start becoming obsolete.
<<

laurah

Newbie
Newbie

Posts: 6

Joined: Sun Jan 16, 2011 9:38 am

Post Fri Mar 23, 2012 8:10 am

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

Thanks mate will try those now
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Mar 23, 2012 8:18 am

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

I should have mentioned that you need to be familiar with Python in order to use Scapy. If you aren't, it looks like PackETH can generate the traffic you need.
The day you stop learning is the day you start becoming obsolete.
<<

laurah

Newbie
Newbie

Posts: 6

Joined: Sun Jan 16, 2011 9:38 am

Post Fri Mar 23, 2012 10:54 am

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

hi ya, that's fine, both look like good tools. Is there a way of setting the id header of the IP to 0?
I'm just looking to do this for the UDP packet involved.
Any help would be appreciated!
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Fri Mar 23, 2012 2:10 pm

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

There's no ID Header field in UDP packets:
http://www.trainsignal.com/blog/network ... osi-models

There is however, such a field in IPv4:
http://en.wikipedia.org/wiki/IPv4#Header

What this means is, it doesn't matter if you use TCP or UDP to set the IP ID, but I do suggest without any offense intended, that you read up on TCP/IP basics.

NMAP checks the IP ID automatically for you btw and I strongly suggest you start using that if you don't and perhaps only use automated tools.
I'm an InterN0T'er
<<

laurah

Newbie
Newbie

Posts: 6

Joined: Sun Jan 16, 2011 9:38 am

Post Mon Mar 26, 2012 3:07 pm

Re: UDP Constant IP Identification Field Fingerprinting Vulnerability

No offence taken, although I've been reading about TCP/IP for years :) Thanks for your advice, I use Nmap quite regularly.
Thanks alsot :)

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software