Penetration Testing mailing list archives

Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?

From: seclt yuri <secltyuri () yahoo com>
Date: Tue, 25 Sep 2007 19:29:19 -0700 (PDT)

Yes but this effectively means that fragmentation
attacks are useless if launched across the 'Net and
when performing a penetration test without local
access.

Also, even internal host systems are usually
segregated from servers and server vlans by a
firewall, so even then, I can't see how fragmentation
attacks would be effective.  The only scenario that I
can think of would be within the same subnet or vlan
where traffic doesn't pass through a firewall.

Please correct me if I am wrong.  Thank you.

--- Harry Hoffman <hhoffman () ip-solutions net> wrote:

yep, unfortunately not enough people using host
based firewalls and alot 
of attacks happen inside of where the firewall
protects (i.e. local lan)

seclt yuri wrote:

Hi,
  I was just reading up on fragmentation attacks

using

fragrouter and fragrouter as a mean of IDS/IPS
evasion.  However, since almost all firewalls both
commercial and free (iptables for examples) now

have

support for fragment reassembly, are fragmentation
attacks still effective?  Thanks.

____________________________________________________________________________________

Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution

FREE today!


http://www.cenzic.com/downloads

------------------------------------------------------------------------

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads

------------------------------------------------------------------------




      ____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel and lay it on us. 
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Are Fragmentation Attacks Still Used for IDS/IPS Evasion? seclt yuri (Sep 25)
- Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? Harry Hoffman (Sep 25)
  - Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? seclt yuri (Sep 25)
    - Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? Harry Hoffman (Sep 25)
    - RE: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? Philippe Bogaerts (Sep 26)
    - RE: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? Shenk, Jerry A (Sep 26)
    - RE: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? xxradar (Sep 26)
- Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? Joseph McCray (Sep 30)
- <Possible follow-ups>
- Re: Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? vijay . upadhyaya (Sep 30)
- Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion? seclt yuri (Sep 30)