Penetration Testing mailing list archives
RE: Does Debian drop customized fragmented packets?
From: <Derek_Chen () trend com tw>
Date: Fri, 23 Oct 2009 10:29:32 +0800
The value has already been 0. Is there other setting that may affect the behavior? Regards, Derek -----Original Message----- From: Huzeyfe ONAL(Gmail) [mailto:huzeyfe.onal () gmail com] Sent: Thursday, October 22, 2009 1:58 PM To: Derek Chen (RD-TW) Cc: pen-test () securityfocus com Subject: Re: Does Debian drop customized fragmented packets? Hi, try after disabling spoof protection on the interface which you'r trying to send frag. packets. If you read readme.debian for fragroute package it says " ... Under GNU/Linux, this behaviour is most likely controlled by the kernel. You can set the specific interface by using: echo "0" > /proc/sys/net/ipv4/conf/INTERFACE/rp_filter --- Huzeyfe ONAL Ag Guvenligi Listesine uye oldunuz mu? http://www.lifeoverip.net/netsec-listesi/ --- On Tue, Oct 20, 2009 at 1:17 PM, <Derek_Chen () trend com tw> wrote:
Hi, I'm trying to customize an abnormal fragmented packet by setting the fragment offset to a large value. When I sent out the packet, I can sniffer it on the local machine but cannot find it on the LAN. I doubt this packet has never been sent out of the machine. Is there anyone having the same experience? The tool I use is Scapy. Regards, Derek TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Does Debian drop customized fragmented packets? Derek_Chen (Oct 21)
- Message not available
- RE: Does Debian drop customized fragmented packets? Derek_Chen (Oct 27)
- Message not available