Vulnerability Development mailing list archives

Packet Fragmentation Attacks

From: Max <max0r () digitalsamurai org>
Date: Thu, 24 Aug 2000 19:18:58 +0000

I was reciently experimenting with some packet fragmentation attacks
against my hope network. Please tell me if this old new or not, but here
goes:

I wrote the "flooder", to create a random ip header ip, and for each
subsequent packet, the ip_id would be decreased. I used a random
fragmentation offset in the attack. I ran the attack, ok, load average
increase, nothing amazing. All of a sudden after about 30 seconds,
I recieve the following kernel message:

"Aug 24 10:10:43 orion /bsd: ne3: warning - reciever ring buffer
overrun".

Mind you, this is the box _BEING_ attacked, not the one doing the
attacking.

Any ideas?
-Max

--
[FCS] Yea, We Regulate [FCS]

Current thread:

Packet Fragmentation Attacks Max (Aug 24)
- Re: Packet Fragmentation Attacks Mikael Olsson (Aug 25)
- Remote exploitation of network scanners? Lincoln Yeoh (Aug 25)
  - Re: Remote exploitation of network scanners? Paul Cardon (Aug 25)
  - Re: Remote exploitation of network scanners? Marc Maiffret (Aug 25)
  - Re: Remote exploitation of network scanners? Ricardo Anguiano (Aug 25)
    - Re: Remote exploitation of network scanners? Bluefish (P.Magnusson) (Aug 26)
    - Re: Remote exploitation of network scanners? Lincoln Yeoh (Aug 26)
    - Re: Remote exploitation of network scanners? Ricardo Anguiano (Aug 26)
    - Re: Remote exploitation of network scanners? Ryan Sweat (Aug 26)
  - Re: Remote exploitation of network scanners? Adam Prato (Aug 25)

(Thread continues...)