1 #!/usr/local/bin/python2.7
6 from sniffer import Sniffer
8 def check_icmp_error(args, packet):
9 ip = packet.getlayer(sp.IP)
12 if ip.dst != args.to[0]:
15 icmp = packet.getlayer(sp.ICMP)
18 if icmp.type != 3 or icmp.code != 3:
24 parser = argparse.ArgumentParser("CVE-2019-icmp.py",
25 description="CVE-2019-icmp test tool")
26 parser.add_argument('--sendif', nargs=1,
28 help='The interface through which the packet will be sent')
29 parser.add_argument('--recvif', nargs=1,
31 help='The interface on which to check for the packet')
32 parser.add_argument('--src', nargs=1,
34 help='The source IP address')
35 parser.add_argument('--to', nargs=1,
37 help='The destination IP address')
39 args = parser.parse_args()
41 # Send the allowed packet to establish state
43 sp.IP(src=args.src[0], dst=args.to[0]) / \
44 sp.UDP(dport=53, sport=1234)
45 sp.sendp(udp, iface=args.sendif[0], verbose=False)
47 # Start sniffing on recvif
48 sniffer = Sniffer(args, check_icmp_error)
50 # Send the bad error packet
51 icmp_reachable = sp.Ether() / \
52 sp.IP(src=args.src[0], dst=args.to[0]) / \
53 sp.ICMP(type=3, code=3) / \
54 sp.IP(src="4.3.2.1", dst="1.2.3.4") / \
55 sp.UDP(dport=53, sport=1234)
56 sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False)
59 if sniffer.foundCorrectPacket:
64 if __name__ == '__main__':