RE: Does Debian drop customized fragmented packets?

[<Derek_Chen () trend com tw>]

The value has already been 0. Is there other setting that may affect the behavior?

Regards,
Derek

-----Original Message-----
From: Huzeyfe ONAL(Gmail) [mailto:huzeyfe.onal () gmail com] 
Sent: Thursday, October 22, 2009 1:58 PM
To: Derek Chen (RD-TW)
Cc: pen-test () securityfocus com
Subject: Re: Does Debian drop customized fragmented packets?

Hi,

try after disabling spoof protection on the interface which you'r
trying to send frag. packets.

If you read readme.debian for fragroute package it says " ... Under
GNU/Linux, this behaviour is most likely controlled by the kernel.
You can set the specific interface by using:     echo "0" >
/proc/sys/net/ipv4/conf/INTERFACE/rp_filter



---
Huzeyfe ONAL
Ag Guvenligi Listesine uye oldunuz mu?
http://www.lifeoverip.net/netsec-listesi/

---


On Tue, Oct 20, 2009 at 1:17 PM, <Derek_Chen () trend com tw> wrote:
> Hi,
>
> I'm trying to customize an abnormal fragmented packet by setting the fragment offset to a large value. When I sent 
> out the packet, I can sniffer it on the local machine but cannot find it on the LAN. I doubt this packet has never 
> been sent out of the machine. Is there anyone having the same experience? The tool I use is Scapy.
>
> Regards,
> Derek
>
> TREND MICRO EMAIL NOTICE
> The information contained in this email and any attachments is confidential and may be subject to copyright or other 
> intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose 
> this information, and we request that you notify us by reply mail or telephone and delete the original message from 
> your mail system.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and may be subject to copyright or other 
intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this 
information, and we request that you notify us by reply mail or telephone and delete the original message from your 
mail system.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------