Penetration Testing mailing list archives
Re: [PEN-TEST] Source Routing and MS Proxy 2.0
From: Oliver Friedrichs <ofriedrichs () SECURITYFOCUS COM>
Date: Wed, 23 Aug 2000 09:59:34 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There was an NAI advisory released in regards to this, which will give you more details: http://www.securityfocus.com/templates/advisory.html?id=1761 And a Microsoft patch: http://www.securityfocus.com/templates/advisory.html?id=1762 You will definately need something more complex than netcat to exploit this, since you're manipulating IP options by hand, rather than via the network stack. The easiest way is probably to use libnet and write your own tools for this. - - Oliver
-----Original Message----- From: erica bernt [mailto:erica_bbb () YAHOO COM] Sent: Monday, August 21, 2000 4:36 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Source Routing and MS Proxy 2.0 Hi Everyone, I will be doing some authorized penetration testing on a MS Proxy 2.0 server connected to the internet. I see that there is a http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0909 potential source routing attack that is possible. Have any of you had success with such a test ? Which utilities do you use for the source routing ? Is the loose source routing facility in netcat good enough ? I would be grateful of any suggestions and hints as to go about my penetration test of MS Proxy and of useful source routing tools. thanks Erica __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOaQBkMm4FXxxREdXEQLDhwCdG/enzqO1pye/1J0QXQlGOmgUSDkAoIRn a8z9Id9Bs6pbbWtC35J16f6u =sPe3 -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] Source Routing and MS Proxy 2.0 erica bernt (Aug 21)
- <Possible follow-ups>
- Re: [PEN-TEST] Source Routing and MS Proxy 2.0 Sandro Gauci (Aug 23)
- Re: [PEN-TEST] Source Routing and MS Proxy 2.0 Frank Knobbe (Aug 24)
- Re: [PEN-TEST] Source Routing and MS Proxy 2.0 Oliver Friedrichs (Aug 24)