File: README

fragrouter 1.6-2.2

			      ==========

			      fragrouter

			      ==========

What is fragrouter?
-------------------

Fragrouter is a network intrusion detection evasion toolkit. It
implements most of the attacks described in the Secure Networks
"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion
Detection" paper of January 1998.

This program was written in the hopes that a more precise testing
methodology might be applied to the area of network intrusion
detection, which is still a black art at best. 

Conceptually, fragrouter is just a one-way fragmenting router - IP
packets get sent from the attacker to the fragrouter, which transforms
them into a fragmented data stream to forward to the victim.

             attack                  fragmented attack 
   +-------+        +------------+                      +--------+
   | hax0r |------->| fragrouter |- - - - - - - - - - ->| victim |
   +-------+        +------------+           |          +--------+
                                             V
                                      +------+------+
                                      | network IDS |
                                      +-------------+

Most network IDSs fall victim to this attack-hiding technique because
they don't bother to reconstruct a coherent view of the network data
(via IP fragmentation and TCP stream reassembly).
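
The detection gap described above, from the IDS side, as an added example
(not part of fragrouter or the original README). The fragment tuples, byte
offsets, addresses and the EVIL-MARKER signature are constructed for
illustration:

```python
from collections import defaultdict

SIGNATURE = b"EVIL-MARKER"  # constructed signature, not a real IDS rule

# Constructed fragments of one IP datagram, arriving out of order.
# Fields: (src, dst, proto, ip_id, byte_offset, more_fragments, payload)
# Real IP headers carry the offset in 8-byte units; bytes are used for clarity.
FRAGS = [
    ("10.0.0.1", "10.0.0.2", 6, 7, 16, True,  b"q=EVIL-M"),
    ("10.0.0.1", "10.0.0.2", 6, 7, 0,  True,  b"GET /ind"),
    ("10.0.0.1", "10.0.0.2", 6, 7, 40, False, b"\r\n"),
    ("10.0.0.1", "10.0.0.2", 6, 7, 24, True,  b"ARKER HT"),
    ("10.0.0.1", "10.0.0.2", 6, 7, 8,  True,  b"ex.html?"),
    ("10.0.0.1", "10.0.0.2", 6, 7, 32, True,  b"TP/1.0\r\n"),
]

def per_packet_alerts(frags):
    """Naive IDS: match the signature against each fragment in isolation."""
    return sum(SIGNATURE in f[6] for f in frags)

def reassemble(frags):
    """Yield complete datagrams, keyed like IP reassembly (src, dst, proto, id).

    Simplifications: no reassembly timeout, and the first copy of an offset
    wins. A production IDS must resolve duplicates and overlaps the same way
    the protected host does.
    """
    pieces = defaultdict(dict)   # key -> {offset: payload}
    total = {}                   # key -> datagram length, known once MF=0 is seen
    for src, dst, proto, ip_id, off, mf, data in frags:
        key = (src, dst, proto, ip_id)
        pieces[key].setdefault(off, data)
        if not mf:
            total[key] = off + len(data)
        if key in total:
            buf, nxt = b"", 0
            while nxt in pieces[key]:      # walk contiguous fragments from 0
                buf += pieces[key][nxt]
                nxt += len(pieces[key][nxt])
            if nxt == total[key]:          # no holes left: datagram complete
                del pieces[key], total[key]
                yield buf

def reassembling_alerts(frags):
    """IDS that matches the signature only after rebuilding the datagram."""
    return sum(SIGNATURE in d for d in reassemble(frags))
```

On the constructed input, per_packet_alerts(FRAGS) finds nothing because the
signature straddles two fragments, while reassembling_alerts(FRAGS) raises
one alert.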

What systems does fragrouter support?
-------------------------------------

Fragrouter is fairly portable, relying on libpcap and libnet for
packet capture and raw IP packet construction.

Fragrouter has been successfully tested on

	- OpenBSD 2.x
	- FreeBSD 3.x
	- BSD/OS 3.x
	- Red Hat Linux 5.x
	- Solaris 2.x

Who can use fragrouter?
-----------------------

Fragrouter is licensed under a BSD-style license, as in the included
LICENSE file. Please read the license to make sure it's okay to use it
in your circumstances.

Contact info?
-------------

The primary fragrouter site is 

	http://www.anzen.com/research/nidsbench/

Please send bug reports, comments, or questions about this software to
<nidsbench@anzen.com>.


---
$Id: README,v 1.15 1999/07/29 15:52:32 dugsong Exp $