
Multiple Vendor IRDP Vulnerability

L0pht (LHI) has made available Proof-of-Concept code that will let individuals test their systems & firewalls.

Usage is as follows:

Usage: rdp -v -l -s -d <delay> -p <pref> -t <lifetime> -i <dev>
-S <src> -D <dst> -R <rtr> -r <optional 2nd rtr>

-v verbose
-l listen mode
-s send mode
-d <delay time between sending packets>
-n <number of rdp packets to send>
-I <ID value to place in IP packet>
-p <preference level>
-t <lifetime>
-i <interface to use for sniffing>
-S <source address to put in outgoing rdp packet>
-D <destination address to put in outgoing rdp packet>
-R <router address to advertise in rdp packet>
-r <optional 2nd router address to advertise in rdp packet>


Misc software notes:

Listen Mode: Software listens for ICMP Router Solicitations. If the '-s' flag is specified as well, the software will answer the Solicitations with ICMP Router Advertisements.

Preference: If the preference is not specified, it will use a default of 1000, which will give the default route a metric of 0 on affected Windows systems.

2nd Router Addr: By using the '-r' flag and specifying a second router address entry, the packet can contain a bogus source address and still be processed for correct gateway entries by the end host.
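
A defensive check that follows from the note above, as an added example (not L0pht's code and not part of the original page): because an advertisement can carry a believable source address while a second entry names a different gateway, a monitor has to validate every router entry in the ICMP Router Advertisement (RFC 1256) body, not just the IP source. The function names, the trusted_routers set and the 192.0.2.0/24 sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9  # RFC 1256 message type

# Constructed sample ICMP payload (not captured traffic): 2 entries, lifetime 1800 s,
# 192.0.2.1 with preference 0 and 192.0.2.66 with preference 1000.
SAMPLE = bytes.fromhex("090065c902020708" "c000020100000000" "c0000242000003e8")

def icmp_checksum(data: bytes) -> int:
    """Internet checksum; returns 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_router_advertisement(icmp: bytes):
    """Return (lifetime_seconds, [(router_ip, preference), ...]) or raise ValueError."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    msg_type, _code, _cksum, num_addrs, entry_words, lifetime = struct.unpack(
        "!BBHBBH", icmp[:8])
    if msg_type != ICMP_ROUTER_ADVERTISEMENT:
        raise ValueError("not a router advertisement")
    if icmp_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    # Each entry is entry_words 32-bit words: address, preference, optional extras.
    if entry_words < 2 or len(icmp) < 8 + num_addrs * entry_words * 4:
        raise ValueError("malformed address entries")
    entries = []
    for i in range(num_addrs):
        off = 8 + i * entry_words * 4
        addr, pref = struct.unpack("!4si", icmp[off:off + 8])  # preference is signed
        entries.append((str(ipaddress.IPv4Address(addr)), pref))
    return lifetime, entries

def audit_advertisement(ip_src: str, icmp: bytes, trusted_routers: set) -> list:
    """List findings for one advertisement; an empty list means nothing unexpected."""
    lifetime, entries = parse_router_advertisement(icmp)
    findings = []
    if ip_src not in trusted_routers:
        findings.append(f"IP source {ip_src} is not a known router")
    for router, pref in entries:  # check every entry, not only the first
        if router not in trusted_routers:
            findings.append(f"advertises unknown router {router} "
                            f"(preference {pref}, lifetime {lifetime}s)")
    return findings
```

With trusted_routers set to {"192.0.2.1"} and an IP source of 192.0.2.1, the sample still yields one finding, for the second entry 192.0.2.66.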







 

Copyright 2009, SecurityFocus