CERTCC / PoC-Exploits

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
BSD 3-Clause "New" or "Revised" License

share malformed_dns.pcap #3

Closed martinscheu closed 3 years ago

martinscheu commented 4 years ago

Hello @sei-vsarvepalli Would it be possible to share the pcap you used for testing? Thanks

sei-vsarvepalli commented 4 years ago

Hello @martinscheu

Are you looking for a specific one? The packets were generated using scapy and Python3 on an Ubuntu 20 virtual machine. I can share the scripts we developed; they are not very well documented and may need some work! I believe JSOF plans to release a whole PoC suite which will have better coverage for all the CVEs. We did not do anything for the Layer-2 runt frame related attacks.

Let me know and I will share what I have.

Thanks Vijay

martinscheu commented 4 years ago

Hello Vijay

Thank you for your reply. The DNS one specifically, as I don't know what such traffic looks like. But of course if you have additional ones regarding Ripple20, it would be very helpful! So far JSOF released a script, but without the DNS part.

Thank you, regards Martin

martinscheu commented 4 years ago

Hello Vijay

Not sure if I gave the right answer ;-) Documentation shouldn't be an issue. If sharing is, maybe I could contact you through another channel (I work for the SWITCH CERT in Switzerland).

Thanks, regards Martin

vijaysar commented 4 years ago

Hello @martinscheu

A malformed DNS PCAP has been added that has some malformed responses that can trigger the various bugs in Treck embedded TCP/IP.

sei-vsarvepalli commented 3 years ago

Hello @martinscheu

BTW, we are constantly updating our scripts and tools. JSOF's scripts are now publicly available under the "scripts" folder: https://github.com/CERTCC/PoC-Exploits/tree/master/vu-257161/scripts

You can also see that Forescout has released their discovery scripts to support the ICS community for discussion: https://github.com/Forescout/project-memoria-detector/blob/main/README.md