Penetration Testing mailing list archives
Re: [PEN-TEST] IP fragmentation attack
From: Tom Vandepoel <Tom.Vandepoel () UBIZEN COM>
Date: Thu, 19 Oct 2000 23:57:29 +0200
"Fabio Pietrosanti (naif)" wrote:
Hi Dario,

Working with Cisco PIX Firewall, I notice that NO malicious fragment should pass this stateful firewall, also the IOS's CBAC with "ip inspect fragment" every kind of attack that uses fragmentation.

My lab is doing a specific pen test against two different LAN segments (Firewall and IDS protected), with IP Frag Attack. Can somebody highlight some real recent news about this issue? We already know the Lance's, RFC's and Dug Song papers about this argument; we would like to know more info (and opinions) about the fact that IP fragmentation works as firewalls are supposed to keep the state of a connection.

Thanks in advance
dario
How many people here have *practical* experience with bypassing, say, an IOS ACL filter with IP frags? In theory it can be done, but it seems that only very few people have actually succeeded in doing that. Fragrouter might help, but it seems its primary use is to confuse NIDS systems. Nmap has a '-f' option that seems subject to a lot of caveats. It's rumored to work on Linux, and I've found one specific patch to nmap to exploit this in an older vulnerability in ipchains (or was it ipfwadm?).
From what I've gathered, there seem to be a lot of variations possible and there is a lot of dependency on the type of OS you're sending the frags from.

Anyone?

Tom.

--
_________________________________________________
Tom Vandepoel
Sr. Network Security Engineer
www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
_________________________________________________