fragrouter - network intrusion detection evasion toolkit
fragrouter [ -i interface ] [ -p ] [ ATTACK ] host
Fragrouter is a program for routing network traffic in such a way as to elude most network intrusion detection systems. The attacks implemented correspond to those listed in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January, 1998.
- -i
- Specify the interface to accept packets on.
- -p
- Preserve the entire protocol header in the first fragment. This is enabled by default on Linux, which doesn't allow sending of short fragments.
The following attack options are mutually exclusive - you may only specify one type of attack to run at a time.
- -B1
- baseline-1 : Normal IP forwarding.
- -F1
- frag-1 : Send data in ordered 8-byte IP fragments.
- -F2
- frag-2 : Send data in ordered 24-byte IP fragments.
- -F3
- frag-3 : Send data in ordered 8-byte IP fragments, with one fragment sent out of order.
- -F4
- frag-4 : Send data in ordered 8-byte IP fragments, duplicating the penultimate fragment in each packet.
- -F5
- frag-5 : Send data in out of order 8-byte IP fragments, duplicating the penultimate fragment in each packet.
- -F6
- frag-6 : Send data in ordered 8-byte IP fragments, sending the marked last fragment first.
- -F7
- frag-7 : Send data in ordered 16-byte IP fragments, preceding each fragment
with an 8-byte null data fragment that overlaps the latter half of it. This
amounts to the forward-overlapping 16-byte fragment rewriting the null data
back to the real attack.
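For NIDS testing, the fragment patterns listed above can be recognized from the IPv4 header fields alone. The following is an added example, not part of fragrouter or nidsbench: the function names, the finding labels, the 24-byte "tiny" threshold and the sample packets are all assumptions made for illustration.

```python
import struct

def ipv4(ident, offset, mf, payload):
    """Build a constructed IPv4 fragment in memory (checksum left 0; sample data only)."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                      64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

def parse(pkt):
    """Return (ident, byte offset, more-fragments flag, payload) from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    return ident, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[ihl:total]

def audit(packets, tiny=24):
    """Walk fragments in arrival order and return the set of suspicious patterns seen."""
    findings, seen, highest = set(), {}, {}
    for ident, off, mf, data in map(parse, packets):
        if mf and len(data) <= tiny:            # non-final fragment far below any real MTU
            findings.add("tiny-fragment")
        if ident not in highest and not mf and off > 0:
            findings.add("last-fragment-first")  # final fragment arrived before the others
        elif off < highest.get(ident, 0):
            findings.add("out-of-order")
        old = [seen.get((ident, off + i)) for i in range(len(data))]
        if any(o is not None and o != b for o, b in zip(old, data)):
            findings.add("overlap-conflict")     # same bytes, different content
        elif data and all(o is not None for o in old):
            findings.add("duplicate")            # exact retransmission of covered bytes
        for i, b in enumerate(data):
            seen[(ident, off + i)] = b
        highest[ident] = max(highest.get(ident, 0), off)
    return findings

# Constructed sample: a 32-byte payload arriving in the frag-7 pattern described above.
DATA = bytes(range(65, 97))
FRAG7 = [ipv4(7, 8, True, bytes(8)), ipv4(7, 0, True, DATA[:16]),
         ipv4(7, 24, True, bytes(8)), ipv4(7, 16, False, DATA[16:])]
if __name__ == "__main__":
    print(sorted(audit(FRAG7)))
```

An overlap-conflict finding matters most to a defender: it marks traffic where the sensor and the destination host may reassemble different byte streams, so the sensor should apply the same overlap policy as the host it protects.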
tcpdump(8), tcpreplay(8), pcap(3), libnet(3)
Dug Song, Anzen Computing.
The current version is available via HTTP:
http://www.anzen.com/research/nidsbench/
Please send bug reports to nidsbench@anzen.com.