Penetration Testing mailing list archives
Re: [PEN-TEST] IP fragmentation attack
From: Cold Fire <coldfire () CLOSED-NETWORKS COM>
Date: Fri, 20 Oct 2000 05:06:29 +0100
On Thu, Oct 19, 2000 at 11:57:29PM +0200, Tom Vandepoel wrote:
> How many people here have *practical* experience with bypassing, say, an IOS ACL filter with IP frags? In theory it can be done, but it seems that only very few people have actually succeeded in doing that. Fragrouter might help, but it seems its primary use is to confuse NIDS systems. Nmap has a '-f' option that seems subject to a lot of caveats. It's rumored to work on Linux, and I've found one specific patch to nmap to exploit this in an older vulnerability in ipchains (or was it ipfwadm?).
Fragrouter has various options built in to exploit older holes such as the ipchains hole. I would suggest setting up fragrouter on a second host between your attack host and target, and running your attack via that host using all of the fragrouter attacks. For example, even just running ISS or CyberCop at a host via fragrouter, you will see 'interesting' data passing through most commercial firewalls. If you do not understand this, I suggest reading more carefully the docs on: http://www.monkey.org/~dugsong/

Monkeys are cool, Army of the Twelve Monkeys Forever!!!!!!!

I know there are much better qualified people than me here to explain why firewall manufacturers are unable to block this kind of thing effectively; let them do it, that's what they are paid for :)

CF - Army of the Twelve Monkeys

--
- Agent of a hostile power - John Austin (Detective Chief Inspector SO 6 New Scotland Yard, 1996)

'Cold Fire, Britain's most notorious hacker' Observer, July 1997

'The most recent conviction was that of [Cold Fire] whose on-line escapades spanned from hacking into educational sites to more sinister activities such as tapping into industrial and United States military sites.' DC Paul Cox, SO6 Scotland Yard CCU
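The filter-side reason fragments get through a stateless ACL, as an added example that is not part of the thread: a non-initial fragment carries no TCP ports, and an initial fragment can be cut so short that the TCP flags byte is absent, so a port/flag ACL has nothing to match. The check below implements the two tests RFC 1858 describes (a minimum size for the initial fragment and a drop on fragment offset 1) over constructed IPv4/TCP fragments; the packet builder, the TMIN value and the addresses are assumptions for the demonstration.

```python
import struct

IP_HDR_LEN = 20
TCP = 6
# Minimum transport bytes an initial TCP fragment must carry; RFC 1858's
# figure for filters that inspect the TCP flags byte (offset 13). Assumed here.
TMIN = 16


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the fixed IPv4 header fields the fragment check needs."""
    vihl, _tos, total_len, _ident, flags_off, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:IP_HDR_LEN])
    ihl = (vihl & 0x0F) * 4
    return {
        "proto": proto,
        "mf": bool(flags_off & 0x2000),     # More Fragments flag
        "offset": flags_off & 0x1FFF,       # fragment offset, 8-byte units
        "payload": pkt[ihl:total_len],
    }


def classify_fragment(pkt: bytes) -> str:
    """Return 'ok', 'tiny-first-fragment', 'overlap-offset-1' or 'non-initial'."""
    ip = parse_ipv4(pkt)
    if ip["proto"] != TCP:
        return "ok"
    if ip["offset"] == 0:
        # Direct method: too short to contain the TCP flags, so a filter
        # keyed on flags (e.g. SYN-only rules) cannot classify it.
        if ip["mf"] and len(ip["payload"]) < TMIN:
            return "tiny-first-fragment"
        return "ok"
    if ip["offset"] == 1:
        # Indirect method: offset 1 rewrites bytes 8..15 of the TCP header on
        # reassembly, i.e. it can overwrite the flags the filter already saw.
        return "overlap-offset-1"
    # No ports at all: a stateless port ACL has nothing to match here.
    return "non-initial"


def build_frag(offset: int, mf: bool, payload: bytes) -> bytes:
    """Constructed IPv4/TCP fragment for testing (checksum left zero)."""
    flags_off = (0x2000 if mf else 0) | offset
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + len(payload), 1,
                      flags_off, 64, TCP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload
```

A filter that reassembles before matching (or one that applies these two drops) does not see the first two cases; a plain stateless port ACL sees only the header bytes it is given.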