Metasploit mailing list archives

MSF3 through tunnel - "Exploit failed: Invalid packet. Packet header must be at least 10 bytes long" message


From: kpapadakis at ntlworld.com (kpnet)
Date: Wed, 09 Apr 2008 19:57:55 +0100

Hi all,

This is my first post so please be gentle ;)

I am trying to use an exploit (a classic DCERPC) in MSF3 on a Win 2000
host (that I know is vulnerable) through a tunnel set up using
proxytunnel.

Setup looks like:
   Attacker--------Proxy------Victim

   on the Attacking PC# proxytunnel -a <an_arbitrary_LPORT> -p someproxy:<P_Port> (allowing/forwarding CONNECT method to) -d Victim:<dcerpc_port>

When I use the technique in a VMware setup, the exploit works through
the tunnel (e.g. setting MSF3 exploit options to RPORT=LPORT given above
and RHOST=127.0.0.1).

However, when I use the same technique and the exact same setup but
through a VPN tunnel/connection, I get an "Exploit failed: Invalid
packet. Packet header must be at least 10 bytes long" message in the
MSF3 output.

"Watching" the attack in Ethereal, I can see everything up to the
sending of the exploit to be as expected (e.g. seeing the CONNECT method
established, and then the sending of the exploit), but immediately after
that the attacking box sends a terminate connection (FIN) to the proxy.
I would expect to see continuation of HTTP traffic immediately after that!

Assuming that the destination target is vulnerable (as direct
exploitation without going through the tunnel/proxy works), does anyone
have any idea why this is happening and/or what the message that MSF3
complains with is about?

Note that I know that HTTP proxy is not yet implemented in MSF3, but in
this attack there is no need for it to be set up in MSF3. Also, it works
in a VMware environment! (e.g. one host, 2 guest OSes representing the
above setup).

Any help much appreciated,

regards,

kostas  



