Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- From: Tillmann Werner <tillmann.werner@xxxxxx>
- Date: Fri, 11 Nov 2011 09:17:48 +0100
> import os
> from impacket import ImpactDecoder, ImpactPacket
>
> def callback(self, hdr, data):
>     # Parse the Ethernet frame
>     decoder = ImpactDecoder.EthDecoder()
>     ether = decoder.decode(data)
>     # Parse the IP packet inside the Ethernet frame, then its transport header
>     iphdr = ether.child()
>     udphdr = iphdr.child()
>
>     # First check that the packet is not coming from the local host.
>     # Then check that it is a UDP packet (in case you changed the BPF) and
>     # that the destination port is a closed port on the host.
>     if iphdr.get_ip_src() != self.ip:
>         self.refresh_portlist()
>         if (iphdr.get_ip_p() == ImpactPacket.UDP.protocol and
>                 udphdr.get_uh_dport() not in self.portlist):
>             if self.called == 0:
>                 self.callonce()
>             print("Incoming UDP packet from %s" % iphdr.get_ip_src())
>             self.dumper.dump(hdr, data)
>
> def refresh_portlist(self):
>     # Shell script that lists all open and listening UDP ports; used in the
>     # callback as the criterion for logging traffic
>     output = os.popen("./getports.sh")
>     self.portlist = []
>     for p in output.readlines():
>         if p.strip():            # skip blank lines before int() conversion
>             self.portlist.append(int(p))
Seriously? popen()ing a bash script that calls netstat and awk twice for
every packet?
Tillmann
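The per-packet popen() of netstat/awk is the cost Tillmann objects to. As an added example (not code from the quoted script or from this thread), here is the same "foreign source, UDP, closed port" test with the listening-port set loaded from a parsed /proc/net/udp listing and refreshed at most once per TTL rather than on every packet; the sample listing, the port-cache class and the function names are all constructed for this illustration.

```python
import time

# Constructed sample of a Linux /proc/net/udp listing: UDP sockets bound on
# 127.0.0.1:53 (0x0035) and 0.0.0.0:5353 (0x14E9). Ports are hex in column 2.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 12345 2 0000000000000000 0
   1: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346 2 0000000000000000 0
"""

UDP_PROTO = 17  # IP protocol number for UDP


def parse_proc_net_udp(text):
    """Return the set of local UDP ports bound in a /proc/net/udp listing."""
    ports = set()
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 2:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def load_proc_net_udp(path="/proc/net/udp"):
    """Live loader for Linux hosts; reads the kernel's UDP socket table."""
    with open(path) as fh:
        return parse_proc_net_udp(fh.read())


class UdpPortCache:
    """Listening-port set refreshed at most once per `ttl` seconds, not per packet."""

    def __init__(self, loader, ttl=5.0, clock=time.monotonic):
        self.loader, self.ttl, self.clock = loader, ttl, clock
        self.ports, self.stamp, self.refreshes = set(), None, 0

    def get(self):
        now = self.clock()
        if self.stamp is None or now - self.stamp >= self.ttl:
            self.ports = self.loader()          # one table read per TTL window
            self.stamp = now
            self.refreshes += 1
        return self.ports


def is_unsolicited_udp(src_ip, proto, dport, local_ip, cache):
    """Same decision as the quoted callback: foreign source, UDP, closed port."""
    if src_ip == local_ip or proto != UDP_PROTO:
        return False
    return dport not in cache.get()
```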
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/