Penetration Testing mailing list archives
Re: [PEN-TEST] IP fragmentation attack
From: Tom Vandepoel <Tom.Vandepoel () UBIZEN COM>
Date: Sat, 21 Oct 2000 00:53:08 +0200
Cold Fire wrote:
> nmap has a '-f' option that seems subject to a lot of caveats. It's rumored to work on Linux, and I've found one specific patch to nmap to exploit this in an older vulnerability in ipchains (or was it ipfwadm?). Fragrouter has various options built in to exploit older holes such as the ipchains hole. I would suggest setting up fragrouter on a second host between your attack host and the target, and routing your attack via that host using all of the fragrouter attacks; for example, even just running ISS or CyberCop at a host via fragrouter, you will see 'interesting' data passing through most commercial firewalls. If you do not understand this, I suggest reading the docs more carefully at: http://www.monkey.org/~dugsong/
I understand what fragrouter does, no problem, but I'd like to hear about practical experience with this. Which mode works best for what, what are the effects of a particular OS stack used as the fragrouter, stuff like that... There seem to be a lot of caveats when you're doing frag work. It's fine to play with this in a controlled lab environment, but what does it gain you in the real world? E.g., is there someone here who can state: 'IOS ACLs, yes: I can punch through those any time, no prob.'?

And I don't mean exploiting the stateless filtering. We all know that to allow outgoing ftp with that type of filtering, you have to allow incoming tcp to port >1023. I'm not talking about that: I'm talking about sending packets past the filter that were not meant to be sent past...

Tom.

--
_________________________________________________
Tom Vandepoel
Sr. Network Security Engineer
www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
_________________________________________________
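As an added example (not part of this thread or of fragrouter), here is the kind of check a stateless filter or IDS has to apply before it can judge a fragment train: it parses constructed IPv4 fragments and flags a first fragment too short to carry the full TCP header (RFC 1858), a TCP fragment at offset 8 that can rewrite the ports and flags of the first fragment (RFC 3128), and overlapping fragments whose bytes conflict. All addresses and packets below are constructed.

```python
import struct

TCP = 6

def build_fragment(ident: int, offset: int, more: bool, payload: bytes) -> bytes:
    """Build one IPv4 fragment with a 20-byte header (constructed test data, checksum left 0)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)        # MF flag + offset in 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                      64, TCP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

def parse_fragment(pkt: bytes) -> dict:
    """Extract the fields a filter needs: datagram id, protocol, MF flag, byte offset, payload."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    return {"id": ident, "proto": proto, "mf": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8, "payload": pkt[ihl:total_len]}

def audit_fragments(pkts: list) -> list:
    """Return findings for fragment trains a stateless filter cannot safely judge."""
    findings, seen = [], []                  # seen: (start, end, data) of fragments already accepted
    for f in sorted((parse_fragment(p) for p in pkts), key=lambda f: f["offset"]):
        start, end = f["offset"], f["offset"] + len(f["payload"])
        if f["proto"] == TCP and start == 0 and f["mf"] and len(f["payload"]) < 20:
            findings.append(f"id={f['id']}: tiny first fragment, only {len(f['payload'])} bytes of TCP header")
        if f["proto"] == TCP and start == 8:
            findings.append(f"id={f['id']}: TCP fragment at offset 8 can overwrite ports/flags")
        for s, e, data in seen:              # compare overlapping byte ranges with earlier fragments
            lo, hi = max(start, s), min(end, e)
            if lo < hi:
                kind = "conflicting" if f["payload"][lo - start:hi - start] != data[lo - s:hi - s] else "duplicate"
                findings.append(f"id={f['id']}: {kind} overlap on bytes {lo}-{hi - 1}")
        seen.append((start, end, f["payload"]))
    return findings

def demo() -> tuple:
    """Audit a normal two-fragment train and an RFC 3128 style overlapping train."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)   # constructed SYN to port 80
    normal = [build_fragment(1, 0, True, tcp + b"GET "),
              build_fragment(1, 24, False, b"/ HTTP/1.0\r\n")]
    evasive = [build_fragment(2, 0, True, tcp[:16]),                # 16 bytes: ports, seq, ack visible
               build_fragment(2, 8, True, b"\x00" * 16),           # rewrites bytes 8-23 (ack, offset, flags)
               build_fragment(2, 24, False, b"/ HTTP/1.0\r\n")]
    return audit_fragments(normal), audit_fragments(evasive)

if __name__ == "__main__":
    for train in demo():
        print(train or ["clean"])
```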