Penetration Testing mailing list archives

Re: [PEN-TEST] IP fragmentation attack


From: "Mitchell, Edward" <ed () THE7THBEER COM>
Date: Sat, 21 Oct 2000 07:25:04 -0700

Packet reassembly is "hard" (apparently some FW and sec. software makers
have different meanings of "hard").  NFR reassembles just fine for
complete inspection, so code to do it is, within a certain set of
parameters, trivial.  Of course, when you have to deal with people like
CheckPoint and Nokia (with IPSO under FW1), the answers range from "Oh, you
don't really NEED to reassemble packets" to "Yes, we can do it at the rate
of 321Mbytes of packets/sec" (lame).


> I know there are much better qualified people than me here to explain
> why firewall manufacturers are unable to block this kind of thing
> effectively, let them do it, that's what they are paid for :)


CF
 - Army of the Twelve Monkeys
 - Agent of a hostile power - John Austin (Detective Chief Inspector
   SO 6 New Scotland Yard, 1996)

--
'Cold Fire, Britain's most notorious hacker' Observer, July 1997
'The most recent conviction was that of [Cold Fire] whose On-line
escapades spanned from hacking into educational sites to more
sinister activities such as tapping into industrial and United
States military sites.' DC Paul Cox, SO6 Scotland Yard CCU
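
The reply above says reassembly code is trivial "within a certain set of parameters". As an added illustration (not code from the post, from NFR, or from any vendor it names), this sketch shows reassembly for inspection with such parameters made explicit; the key tuple, the `MAX_FRAGS` cap and the reject-on-overlap policy are assumptions.

```python
# Added example (not from the post): bounded IPv4 fragment reassembly, overlaps rejected.
MAX_DATAGRAM = 65535  # upper bound from the 16-bit IPv4 total-length field
MAX_FRAGS = 64        # assumed cap on fragments held per datagram

class Reassembler:
    def __init__(self):
        # (src, dst, proto, ip_id) -> {"frags": [(start, end, data)], "total": int or None}
        self.buffers = {}

    def add(self, key, offset_units, more_fragments, data):
        """Feed one fragment (offset in 8-byte units); return the payload once complete."""
        start = offset_units * 8
        end = start + len(data)
        st = self.buffers.setdefault(key, {"frags": [], "total": None})
        try:
            self._check(st, start, end, more_fragments)
        except ValueError:
            self.buffers.pop(key, None)  # drop the whole datagram on a violation
            raise
        st["frags"].append((start, end, data))
        if not more_fragments:
            st["total"] = end
        if st["total"] is None:
            return None  # final fragment not seen yet
        frags = sorted(st["frags"])
        pos = 0
        for s, e, _ in frags:
            if s != pos:
                return None  # hole: keep waiting
            pos = e
        del self.buffers[key]
        return b"".join(d for _, _, d in frags)

    @staticmethod
    def _check(st, start, end, more_fragments):
        if end == start:
            raise ValueError("empty fragment")
        if end > MAX_DATAGRAM:
            raise ValueError("fragment extends past maximum datagram size")
        if more_fragments and (end - start) % 8:
            raise ValueError("non-final fragment length not a multiple of 8")
        if len(st["frags"]) >= MAX_FRAGS:
            raise ValueError("too many fragments")
        if any(start < e and s < end for s, e, _ in st["frags"]):
            raise ValueError("overlapping fragment")
        if not more_fragments and st["total"] is not None:
            raise ValueError("second final fragment")
        total = st["total"] if more_fragments else end
        if total is not None and max([end] + [e for _, e, _ in st["frags"]]) > total:
            raise ValueError("data beyond final fragment")
```

A production inspector would also expire incomplete buffers on a timer so that held fragments cannot accumulate indefinitely.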


