|
Full Disclosure
mailing list archives
Re: SNMP Reflected Denial Of Service - PoC
From: Anestis Bechtsoudis <bechtsoudis.a () gmail com>
Date: Fri, 31 Aug 2012 16:31:12 +0300
On 8/30/12 8:13 PM, Full Disclosure wrote:
Hi list,
I am releasing this code due to the fact that my dev server got hacked and people have been using it in the wild for
bad things.
Network admins should patch their networks appropriately by rejecting snmp connections from unwanted IPs.
The quoted code is actually nothing more than a regular threaded UDP
flood DoS tool, both SNMP spoofed requests and responses are equally 65
bytes (no reflection). Make a simple network capture for verification.
The payload is a mis-used .1.3.6.1 getBulk SNMP request resulting in a
null value response.
A sample perl script with the biggest reflection factor per transaction
achieved on Cisco devices is available here [1] (Amplification = 84
bytes request / 1480 bytes response).
For more information about SNMP reflection DoS you may refer to this
link [2].
The quoted code reminds me an old implementation on the same concept [3].
[1] http://pastebin.com/M9cJs89h
[2] https://bechtsoudis.com/hacking/snmp-reflected-denial-of-service/
[3] http://packetstormsecurity.org/DoS/snmpdos.c
-A
--
#----------------------------------------------#
| Anestis Bechtsoudis |
| |
| Network Operation Center, |
| Laboratory for Computing (LabCom), |
| Dept. of Computer Engineering & Informatics, |
| University of Patras, Greece |
|----------------------------------------------|
| Public Key: http://bit.ly/Q2f5gW |
| Website: https://bechtsoudis.com |
#----------------------------------------------#
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
