File: README.Debian

package info (click to toggle)
fragroute 1.2-7.1
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 692 kB
  • ctags: 520
  • sloc: ansic: 4,331; sh: 2,968; makefile: 74
file content (52 lines) | stat: -rw-r--r-- 2,320 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
fragroute for Debian
--------------------

From Dug Song's page at: http://www.monkey.org/~dugsong/fragroute/

    fragroute intercepts, modifies, and rewrites egress traffic destined
    for a specified host, implementing most of the attacks described in
    the Secure Networks "Insertion, Evasion, and Denial of Service:
    Eluding Network Intrusion Detection" paper of January 1998.

    It features a simple ruleset language to delay, duplicate, drop,
    fragment, overlap, print, reorder, segment, source-route, or
    otherwise monkey with all outbound packets destined for a target
    host, with minimal support for randomized or probabilistic
    behaviour.

    This tool was written in good faith to aid in the testing of network
    intrusion detection systems, firewalls, and basic TCP/IP stack
    behaviour. Please do not abuse this software. 

    Sample applications:
        * test network IDS timeout and reassembly parameters
        * test TCP/IP scrubbing (norm, OpenBSD pf)
        * test firewall stateful inspection
        * simulate one-way latency, loss, reordering, and
        * retransmissions
        * implement TCP Daytona (i will not release this, sorry)
        * implement TCP MSS clamping
        * evade "passive OS fingerprinting" techniques 

When building this package, I have modified it to use libdumbnet, which
is libdnet renamed.  I did this because libdnet is already used inside
Debian, for the DECnet library.

As well, you must disable spoof-protection for the interface you are
sniffing.  This is controlled by the "spoofprotect" variable in
/etc/network/options.  Under GNU/Linux, this behaviour is most likely
controlled by the kernel.  You can set the specific interface by using:
    echo "0" > /proc/sys/net/ipv4/conf/INTERFACE/rp_filter

* * * * IMPORTANT * * * *

fragtest does not work properly on all its configuration options.
The options: ip-opt, frag-new and frag-timeout do not work properly,
as they rely on a feature of libpcap that is not implemented for 
GNU/Linux systems.  The good news, though, is that ip-opt does work
in some sense.  The following command:
    fragtest ping ip-opt localhost
will generate a response, but you will have to C-c out of the hung
state.

 -- Simon Law <sfllaw@engmail.uwaterloo.ca>, Sun,  8 Sep 2002 21:44:35 -0400