Penetration Testing mailing list archives
Re: [PEN-TEST] IP fragmentation attack
From: "Mitchell, Edward" <ed () THE7THBEER COM>
Date: Sat, 21 Oct 2000 07:25:04 -0700
Packet reassembly is "hard" (apparently some FW and sec. software makers have different meanings of "hard"). NFR reassembles just fine for complete inspection, so code to do it is, within a certain set of parameters, trivial. Of course, when you have to deal with people like CheckPoint and Nokia (with IPSO under FW1), the answers range from "Oh, you don't really NEED to reassemble packets" to "Yes, we can do it at the rate of 321Mbytes of packets/sec" (lame).
> I know there are much better qualified people than me here to explain
> why firewall manufacturers are unable to block this kind of thing
> effectively, let them do it, that's what they are paid for :)
>
> CF - Army of the Twelve Monkeys - Agent of a hostile power - John Austin (Detective Chief Inspector SO 6 New Scotland Yard, 1996)
> -- 'Cold Fire, Britain's most notorious hacker' Observer, July 1997
> 'The most recent conviction was that of [Cold Fire] whose On-line escapades spanned from hacking into educational sites to more sinister activities such as tapping into industrial and United States military sites.' DC Paul Cox, SO6 Scotland Yard CCU