Penetration Testing mailing list archives

Re: [PEN-TEST] IP fragmentation attack


From: Cold Fire <coldfire () CLOSED-NETWORKS COM>
Date: Fri, 20 Oct 2000 05:06:29 +0100

On Thu, Oct 19, 2000 at 11:57:29PM +0200, Tom Vandepoel wrote:


> How many people here have *practical* experience with bypassing say a
> IOS acl filter with IP frags? In theory it can be done, but it seems
> that only very few people have actually succeeded in doing that.
> Fragrouter might help, but it seems its primary use is to confuse NIDS
> systems.
>
> Nmap has a '-f' option that seems subject to a lot of caveats. It's
> rumored to work on linux, and I've found one specific patch to nmap to
> exploit this in an older vulnerability in ipchains (or was it ipfwadm?).

Fragrouter has various options built in to exploit older holes such as
the ipchains hole. I would suggest setting up fragrouter on a second
host between your attack-host and target, and running your attack via that
host, using all of the fragrouter attacks. For example, even just running ISS
or CyberCop at a host via fragrouter, you will see 'interesting'
data passing through most commercial firewalls. If you do not understand
this, I suggest reading the docs more carefully at:
http://www.monkey.org/~dugsong/

Monkeys are cool, Army of the Twelve Monkeys Forever!!!!!!!

I know there are much better qualified people than me here to explain
why firewall manufacturers are unable to block this kind of thing
effectively; let them do it, that's what they are paid for :)


CF
 - Army of the Twelve Monkeys
 - Agent of a hostile power - John Austin (Detective Chief Inspector
   SO 6 New Scotland Yard, 1996)

--
'Cold Fire, Britain's most notorious hacker' Observer, July 1997
'The most recent conviction was that of [Cold Fire] whose On-line
escapades spanned from hacking into educational sites to more
sinister activities such as tapping into industrial and United
States military sites.' DC Paul Cox, SO6 Scotland Yard CCU