#17 The PortscanAttack destination is not replying with the correct TCP flags

Closed
Opened 8 years ago by carlos.garcia · 4 comments

In a SYN port scan, it is expected that the attacker sends a SYN request, and the victim responds with a SYN|ACK reply. Currently, the victim is responding with the RST|ACK flags set instead.

The parameters used for the PortscanAttack are as follows:

-a "PortscanAttack" ip.src="66.66.66.66" mac.src="32:08:24:DC:8D:27" inject.at-timestamp=1476301843

The following is what is observed in Wireshark in the resulting pcap file:

101 2016-11-02 16:44:36.718 66.66.66.66 192.168.178.13  TCP 60  0   8542→8080 [SYN] Seq=0 Win=8192 Len=0
102 2016-11-02 16:44:36.718 192.168.178.13  66.66.66.66 TCP 60  0   8080→8542 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Carlos Garcia commented 8 years ago
Owner

By default the port 8080 should be scanned and should be marked as open, is this not correct?

Carlos Garcia commented 8 years ago
Owner

The problem lies in file "PortscanAttack.py" in line 127. I see no reason for converting "dport" to a string. In the line

if str(dport) in self.get_param_value(Param.PORT_OPEN):

wouldn't it make more sense to drop the "str(dport)" and just have:

if dport in self.get_param_value(Param.PORT_OPEN):
Carlos Garcia commented 8 years ago
Owner

@patrick.jattke can you confirm if this fix is not breaking functionality somewhere else?


@carlos.garcia I can confirm. The _is_port method which writes the port value in the params list always returns an int or a list of int.

I improved the comment for _is_port in commit aed49ee.
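
The type mismatch discussed in this thread, as an added example that is not part of the issue or of the project's code: a string port compared against integer ports never matches, so the simulated victim always answers as if the port were closed. The function names and the flag strings "SA" and "RA" are assumptions, and the normalization covers both shapes mentioned above (a single int or a list of int).

```python
from typing import Iterable, Union

SYN_ACK = "SA"  # assumed notation: reply of an open port
RST_ACK = "RA"  # assumed notation: reply of a closed port

PortParam = Union[int, Iterable[int]]


def normalize_ports(value: PortParam) -> frozenset:
    """Accept a single int or an iterable of ints; return a set of valid ports."""
    if isinstance(value, int) and not isinstance(value, bool):
        value = [value]
    ports = frozenset(value)
    for p in ports:
        if isinstance(p, bool) or not isinstance(p, int) or not 0 < p <= 65535:
            raise ValueError(f"invalid port: {p!r}")
    return ports


def reply_flags_str_compare(dport: int, open_ports: list) -> str:
    """Membership test as quoted in the thread: a str never equals an int."""
    return SYN_ACK if str(dport) in open_ports else RST_ACK


def reply_flags_int_compare(dport: int, open_ports: PortParam) -> str:
    """Membership test on ints, after normalizing the parameter shape."""
    return SYN_ACK if dport in normalize_ports(open_ports) else RST_ACK


if __name__ == "__main__":
    open_ports = [8080]  # constructed sample value
    for dport in (8080, 22):
        print(dport,
              "str compare:", reply_flags_str_compare(dport, open_ports),
              "int compare:", reply_flags_int_compare(dport, open_ports))
```
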
