lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 22 Dec 2016 10:00:50 +0800
From:   Kefeng Wang <wangkefeng.wang@...wei.com>
To:     Alexander Duyck <alexander.duyck@...il.com>,
        Weilong Chen <chenweilong@...wei.com>
CC:     Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        intel-wired-lan <intel-wired-lan@...ts.osuosl.org>,
        Netdev <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH net-next] ixgbevf: fix 'Etherleak' in ixgbevf



On 2016/12/21 10:20, Alexander Duyck wrote:
> I find it curious that only the last 4 bytes have data in them.  I'm
> wondering if the NIC/driver in the Windows/Nessus system is
> interpreting the 4 byte CRC on the end of the frame as padding instead
> of stripping it.
> 
> Is there any chance you could capture the entire frame instead of just
> the padding?  Maybe you could run something like wireshark without
> enabling promiscuous mode on the VF and capture the frames it is
> trying to send and receive.  What I want to verify is what the actual
> amount of padding is that is needed to get to 60 bytes and where the
> CRC should start.
> 
> - Alex

Here is the verbose output, is this useful?
Or we will try according to your advice, thanks,

D:\Program Files\Tenable\Nessus>nasl.exe -aX -t 192.169.0.151 etherleak.nasl
--------------------------
 ---[ ICMP ]---
0x00:  45 00 00 1D 20 81 00 00 40 01 D7 F3 C0 A9 00 97    E... ...@.......
0x10:  C0 A9 00 82 00 00 87 FD 00 01 00 01 78 00 00 00    ............x...
0x20:  00 00 00 00 00 00 00 00 00 00 98 E4 75 DF          ............u.
--------------------------
 ---[ ICMP ]---
0x00:  45 00 00 1D 20 85 00 00 40 01 D7 EF C0 A9 00 97    E... ...@.......
0x10:  C0 A9 00 82 00 00 87 FD 00 01 00 01 78 00 00 00    ............x...
0x20:  00 00 00 00 00 00 00 00 00 00 FB DA F8 13          ..............
---[ ether1 ]---
0x00:  00 00 00 00 00 00 00 00 00 00 00 00 00 98 E4 75    ...............u
0x10:  DF                                                 .
---[ ether2 ]---
0x00:  00 00 00 00 00 00 00 00 00 00 00 00 00 FB DA F8    ................
0x10:  13                                                 .

Padding observed in one frame :

  0x00:  00 00 00 00 00 00 00 00 00 00 00 00 00 98 E4 75    ...............u
  0x10:  DF                                                 .

Padding observed in another frame :

  0x00:  00 00 00 00 00 00 00 00 00 00 00 00 00 FB DA F8    ................
  0x10:  13


Powered by blists - more mailing lists