Hi, I know an incorrect UDP header length is usually part of security testing, as it could crash the target machine. However, how do I do that on my own?
+1
A:
Testing the header length of a packet is an important part of security testing... if you are writing a TCP/IP stack. But no one is going to test this on a penetration test because this will have little or no effect on a real-world system.
Building strange packets is useful for testing firewalls, and hping is very useful for that (as well as nmap :). Here is a good tutorial on using hping. The following command sends the largest UDP packet possible; if you try to encode a larger size you'll get a one's complement integer overflow due to bit boundaries (which isn't very useful).
`hping -2 -p 7 192.168.10.33 -d 65535 -E /root/signature.sig`
If you want to verify that a malformed packet is built correctly you should grab Wireshark.
Rook
2010-06-24 16:03:26
So, you cannot crash any computer by sending a packet with an invalid length? It's mentioned in almost every penetration testing guide.
Tomas
2010-06-24 17:41:31
@Tomas As a penetration tester I am 100% sure that no production TCP/IP stack is going to succumb to such a simple attack, but you're welcome to try it. These low-layer protocols have been heavily tested; you're better off looking for memory corruption flaws in OSI layer 7 (application). Layer 4 is very simple in comparison and therefore less likely to have something go wrong.
Rook
2010-06-24 17:46:42
@Tomas On a side note, you are right about testing the length parameter. Oftentimes this is used as an offset in a `memcpy()` or similar function.
Rook
2010-06-24 17:48:30
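The comment above notes that a length field often ends up as an offset or size in `memcpy()`. As an added example (not part of the thread; the function, enum and parameter names are hypothetical), this C receive-side parser checks the UDP Length field against the bytes actually received and the destination buffer before copying:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UDP_HDR_LEN 8u

enum udp_status { UDP_OK = 0, UDP_TRUNCATED, UDP_BAD_LENGTH, UDP_TOO_BIG };

/* Read a big-endian 16-bit field without assuming alignment. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Copy the payload of one UDP datagram into out[].
 * dgram/avail are the bytes actually received (hypothetical names).
 * The header's Length field comes from the sender, so it is checked against
 * the received size and the destination size before it reaches memcpy().
 */
enum udp_status udp_copy_payload(const uint8_t *dgram, size_t avail,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (avail < UDP_HDR_LEN)
        return UDP_TRUNCATED;            /* not even a full header */

    size_t claimed = be16(dgram + 4);    /* Length = header + payload */
    if (claimed < UDP_HDR_LEN)
        return UDP_BAD_LENGTH;           /* claimed - 8 would wrap around */
    if (claimed > avail)
        return UDP_BAD_LENGTH;           /* claims more than was received */

    size_t payload = claimed - UDP_HDR_LEN;
    if (payload > out_cap)
        return UDP_TOO_BIG;              /* would overflow the destination */

    memcpy(out, dgram + UDP_HDR_LEN, payload);
    *out_len = payload;
    return UDP_OK;
}

/* Constructed sample: ports 1234 -> 7, caller-chosen Length, payload "ping". */
size_t make_sample(uint8_t *buf, uint16_t length_field)
{
    static const uint8_t hdr[UDP_HDR_LEN] = { 0x04, 0xD2, 0x00, 0x07, 0, 0, 0, 0 };
    memcpy(buf, hdr, sizeof hdr);
    buf[4] = (uint8_t)(length_field >> 8);
    buf[5] = (uint8_t)(length_field & 0xFF);
    memcpy(buf + UDP_HDR_LEN, "ping", 4);
    return UDP_HDR_LEN + 4;              /* bytes actually "received" */
}
```

Without the `claimed < UDP_HDR_LEN` check, a Length of 4 would make `claimed - 8` wrap to a huge `size_t`, which is the kind of arithmetic slip that turns a header field into a memory-corruption bug.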
The Rook: thank you! I have never met any penetration tester; do you mind if I discuss a few questions with you? Over email or whatever, I would really appreciate it. I am just entering this field. Thanks!
Tomas
2010-06-24 18:44:03
@Tomas Sure, what is your email?
Rook
2010-06-24 19:17:40
The Rook: roudak02gmail.com - thank you!
Tomas
2010-06-25 05:23:01