 
Bugtraq mailing list archives
Source Code To Test IPv4 fragmentation --> The Rose Attack
From: Gandalf The White <gandalf () digital net>
Date: Mon, 26 Apr 2004 21:46:28 -0500
Greetings and Salutations: I have updated the instructions for the Rose Fragmentation Attack and clarified the attack (per some questions that have been asked). The instructions are now at the following URL: http://digital.net/~gandalf/Rose_Frag_Attack_Explained.txt Specifically I have added the links to two pieces of software that have been written to test this attack: Laurent Constantin was kind enough to program this attack from the below somewhat unwieldy set of instructions. The program can be found at the following URL: http://digital.net/~gandalf/RoseAttackv1.txt Chuck (at) lemure.net found that he could spike the CPU of a Windows 200 machine to 100 percent with his code: http://digital.net/~gandalf/RoseAttackv2.txt Chuck's explanation: I have just been playing around with the timing on the second one. What I have discovered is CPU only spikes for reassembling fragments for packets that already exist (ie, if you run incre_frag once, then ctrl-c and start again, the CPU and resources won't go through the moon). Compiles on redhat-9.0 If you have any questions please feel free to ask me. Ken --------------------------------------------------------------- Do not meddle in the affairs of wizards for they are subtle and quick to anger. Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
Current thread:
- Source Code To Test IPv4 fragmentation --> The Rose Attack Gandalf The White (Apr 27)


