Bugtraq mailing list archives
Re: Analysis of "stacheldraht"
From: dittrich () CAC WASHINGTON EDU (Dave Dittrich)
Date: Fri, 31 Dec 1999 15:37:24 -0800
On Fri, 31 Dec 1999, Jordan Ritter wrote:
# Programs like "ngrep" do not process ICMP packets, so you will not as
# easily (at this point in time) be able to watch for strings in the data
# portion of the ICMP packets (except using the patches to tcpshow from
# Appendix C and patches to sniffit provided in the analysis of TFN).

The latest version of ngrep (1.35) does in fact match ICMP, and has been out for some time now.

Jordan,

Sweet! I updated the analysis to use ngrep in preference to tcpdump/tcpshow for most stuff:

http://staff.washington.edu/dittrich/misc/stacheldraht.analysis

ngrep is *way* more convenient to use, but I had to note that it doesn't run on as many systems as tcpdump/tcpshow (e.g., Digital Unix 4.x) and it doesn't seem to read tcpdump files, so if you want to capture the raw packets for later analysis (timing, flags, etc.) you need to stick to tcpdump/tcpshow.

If only I'd sent the analysis out *before* Christmas... ;)

--
Dave Dittrich
Client Services
dittrich () cac washington edu
Computing & Communications
University of Washington

<a href="http://www.washington.edu/People/dad/">
Dave Dittrich / dittrich () cac washington edu [PGP Key]</a>

PGP 6.5.1 key fingerprint:
FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5