Cheers Antony, I began by asking if Scapy was a suitable tool for crafting
this attack - and then asked more generally what tools/languages/frameworks
do people recommend for this kind of task? Are you suggesting due to the
very large numbers of packets involved that for performance reasons this
needs to be written in C/C++?

On 12 November 2011 06:22, Antony widmal <antony.wid...@gmail.com> wrote:

>
>
> On Fri, Nov 11, 2011 at 10:08 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>
>> On Sat, Nov 12, 2011 at 12:53 AM, Antony widmal <antony.wid...@gmail.com>
>> wrote:
>> > Dear Dan,
>> > Impacket was at first a Pysmb copy/update from Core Security in order to
>> > play with RPC. (look at the source)
>> > They've done some work on pysmb library in order to implement DCE/RPC
>> > functionality in this dinosaurus lib.
>> You can also try Dave Aitel's SPIKE.
>>
> Yeah sure;
> If you're passionate about medieval history and you are a fan of
> the Flintstones, you'll be happy with Dave Aitel's fuzzer.
>
> Regards,
> Antony
>
>> > This vulnerability is about sending a *huge fucking* stream of UDP
>> > packets
>> > on a closed port in order to trigger an int overflow via a ref count.
>> > Most of the people here didn't even understand what we are talking
>> > about/dealing with.
>> Is this related to the undisclosed MS09-048, which we were told did
>> not require remediation because the Windows firewall (et al) mitigated
>> the vulnerability?
>> http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx.
>>
>> Jeff
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>