 |
 |
 |
 |
 |
  |
|||
 |
 |
 |
|
|
Eigrp-tools
Eigrp-tools is a custom EIGRP packet generator and sniffer combined. It was developed to test the security and overall operation quality of the EIGRP routing protocol. Using this tool requires you to have the requisite background knowledge of EIGRP, packets structure/types, alongside a good working background of the Layer 3 topology of the network you wish to audit.
Installation
It requires various Perl modules to be installed before it is able to be utilised. These can be obtained by searching CPAN. Net::RawIP - A search comes up with Net-RawIP-0.2.tar.gz tar -zxvf Net-RawIP-0.2.tar.gz perl Makefile.pl
Errors are reported in the file RawIP.xs, the problem lies in the fact that the (u=char *) variable has been declared both sides and the first such reference to this needs to be removed. The error output to screen will mention the lvalue and assignment being wrong. Record the line numbers outputted and it is on these lines that you must remove the duplicate variables.
vi RawIP.xs At lines 762, 788, 821, 861, 895, 1287 and 1309 you should find the syntax (u=char*) delete the first entry of this as it is not required, the script should now run. make make install
NetPacket:Ethernet - A search comes up with NetPacket-0.04.tar.gz NetPacket::IP - A search comes up with the same package as above.
tar -zxvf NetPacket-0.04.tar.gz perl Makefile.pl make make install tar -zxvf eigrp-tools.tar.gz
Execution
eigrp.pl [--sniff] [ --iface=interface ] [--timeout=i]
Options: --sniff Sniff eigrp packets --iface Listen on an interface --iflist List all available network interfaces --source Source IP address --dest Packet destination IP. Default multicast IP - 224.0.0.10 --timeout=n pcap init timeout (500 default) --hello Send EIGRP HELLO --update Update route --query Send [Query] (Unreachable destination ) --external External route --internal Internal route --ipgoodbye=s IP to [Goodbye message] Authentication replay not implemented --file2ip=s Send raw sniffed eigrp data from file to IP --payback Sniff the UPDATE packet, change [Delay] and send it back (PoC) --op=n EIGRP opcode no. to trigger, capture a pkt defined by the trigger onto a disk --sn=n EIGRP sequence number to trigger --auth Authentication data for the reply attack (copy past hex from sniff) --opcode Custom opcode for hello packets fuzzing --flags=n EIGRP flags (0,1 or 2) --version=n EIGRP version [8 bit integer] Default = 2 --as=n Autonomous system number, Default = 1 --k1=n Metric K1 Default 1 --k2=n Mertic K2 Default 0 --k3=n Mertic K3 Default 1 --k4=n Mertic K4 Default 0 --k5=n Mertic K4 Default 0 --mtu=n MTU --nms=n Add NMS (Next multicast message) to Hello packet --eigrpv=s EIGRP release version --ios=s IOS version --hopcount=n Hop count --reliability=n Reliability --load=n Load --delay=n Delay --sequence=n Sequence (32bit sequence) Default = 0 --ack=n Acknowledge (32bit sequence) Default = 0 --nexthop=s Next Hop --bandwidth=n Bandwidth --routedest=s Route destination --origrouter=s Originating router --origas=n Originating Autonomous system number --arbitatag=n Arbitrary tag --metric=n protocol metric (external EIGRP metric for the external updates) --extproto=n External protocol ID IGRP(1) EIGRP(2) Static Route(3) RIP(4) HELLO(5) OSPF(6) IS_IS(7) EGP(8) BGP(9) IDRP(10) Connected link(11) --hold=n Hold time in seconds --hellotime=n Hello send retries timeout . Default = 5 sec --hellodos=s IP subnet. Nasty DOS attack! Send HELLO EIGRP Argument from IP range. --retries=n Packet send retries Default = 1;
Examples: ./eigrp.pl --sniff --iface eth0 ./eigrp.pl --ipgoodbye 192.168.66.202 --source 192.168.7.8 ./eigrp.pl --file2ip update.dat --source 192.168.7.8 ./eigrp.pl --update --external --as 65534 --source 192.168.7.8 ./eigrp.pl --hello --auth 00020010000000020000000000000000000000000efe07403446c77a9697fe5753f79e52 --source 192.168.77.8 --nms 1 ./eigrp.pl --help This message
|
IT Security News:
Pen Testing Framework:
Latest Tool Reviews:
|
| © VulnerabilityAssessment.co.uk 23 February 2008 |
|
