lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCvwp6=ijnuPOSA9eKh4ZK=G2OYsQbGx2cS-3ijY4c4-YfgeQ@mail.gmail.com>
Date: Fri, 11 Nov 2011 21:43:44 +1100
From: xD 0x41 <secn3t@...il.com>
To: Tillmann Werner <tillmann.werner@....de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
 Could Allow Remote Code Execution (2588516)

btw, you do realise, it is doing exactly what it is meant to , right >?
it is called a honeypot sir... try figure out WHY it is looping...
then maybe, the code is nicer yes...
i dont really care for it...  i am, making the proper.cpp scanner.
nothing more interests me about it, and, nothing else, i need others
to tell me, thx. I have done this my own b4, please, dont try holding
any hands.
I will only, cut off your feet ;)
later


On 11 November 2011 19:17, Tillmann Werner <tillmann.werner@....de> wrote:
>>     def callback(self, hdr, data):
>>         # Parse the Ethernet packet
>>         decoder = ImpactDecoder.EthDecoder()
>>         ether = decoder.decode(data)
>>         # Parse the IP packet inside the Ethernet packet, typep
>>         iphdr = ether.child()
>>         udphdr = iphdr.child()
>>
>>         # First check that the packets are not comming from the local host
>>         # Then check that it is a UDP packet (incase you changed the BPF) also
>>         # Check that the destination port for the packet is a closed
>> port on the host
>>         if (iphdr.get_ip_src() != self.ip):
>>             self.refresh_portlist()
>>             if (iphdr.get_ip_p() == ImpactPacket.UDP.protocol and
>> udphdr.get_uh_dport() not in self.portlist):
>>                 if self.called == 0:
>>                     self.callonce()
>>                 print "Incoming UDP packet from %s"%iphdr.get_ip_src()
>>                 self.dumper.dump(hdr, data)
>>
>>     def refresh_portlist(self):
>>         # bash script to get all the open and listening UDP ports
>>         # used in the callback function as criteria for logging traffic
>>         output = os.popen("./getports.sh")
>>         pl = output.readlines()
>>         self.portlist = []
>>         for p in pl:
>>             self.portlist.append(int(p))
>
> Seriously? popen()ing a bash script that calls netstat and awk twice for
> every packet?
>
> Tillmann
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ