fragrouter Package Description

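Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" of January 1998.

This program was written in the hope that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best.

Conceptually, fragrouter is just a one-way fragmenting router: IP packets are sent from the attacker to the fragrouter, which transforms them into a fragmented data stream to forward to the victim.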

Source: fragrouter README

fragrouter Homepage | Kali fragrouter Repo

  • Author: Dug Song, Anzen Computing
  • License: GPLv2

Tools included in the fragrouter package

fragrouter - IDS evasion toolkit
root@kali:~# fragrouter
Version 1.6
Usage: fragrouter [-i interface] [-p] [-g hop] [-G hopcount] ATTACK

where ATTACK is one of the following:

-B1: base-1: normal IP forwarding
-F1: frag-1: ordered 8-byte IP fragments
-F2: frag-2: ordered 24-byte IP fragments
-F3: frag-3: ordered 8-byte IP fragments, one out of order
-F4: frag-4: ordered 8-byte IP fragments, one duplicate
-F5: frag-5: out of order 8-byte fragments, one duplicate
-F6: frag-6: ordered 8-byte fragments, marked last frag first
-F7: frag-7: ordered 16-byte fragments, fwd-overwriting
-T1: tcp-1: 3-whs, bad TCP checksum FIN/RST, ordered 1-byte segments
-T3: tcp-3: 3-whs, ordered 1-byte segments, one duplicate
-T4: tcp-4: 3-whs, ordered 1-byte segments, one overwriting
-T5: tcp-5: 3-whs, ordered 2-byte segments, fwd-overwriting
-T7: tcp-7: 3-whs, ordered 1-byte segments, interleaved null segments
-T8: tcp-8: 3-whs, ordered 1-byte segments, one out of order
-T9: tcp-9: 3-whs, out of order 1-byte segments
-C2: tcbc-2: 3-whs, ordered 1-byte segments, interleaved SYNs
-C3: tcbc-3: ordered 1-byte null segments, 3-whs, ordered 1-byte segments
-R1: tcbt-1: 3-whs, RST, 3-whs, ordered 1-byte segments
-I2: ins-2: 3-whs, ordered 1-byte segments, bad TCP checksums
-I3: ins-3: 3-whs, ordered 1-byte segments, no ACK set
-M1: misc-1: Windows NT 4 SP2 - http://www.dataprotect.com/ntfrag/
-M2: misc-2: Linux IP chains - http://www.dataprotect.com/ipchains/

fragrouter Usage Example

Use the eth0 device (-i eth0) and send ordered 8-byte IP fragments (-F1):

root@kali:~# fragrouter -i eth0 -F1
fragrouter: frag-1: ordered 8-byte IP fragments
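
From the defender's side, the frag-* modes listed above come down to a few observable patterns: tiny non-final fragments, out-of-order arrival, a last fragment sent early, duplicates, and overlaps carrying different data. The Python below is an added example, not part of fragrouter or its README; the fragment tuples, the `analyze` function and the 24-byte threshold are assumptions made for illustration.

```python
from typing import Dict, List, Set, Tuple

Frag = Tuple[int, bool, bytes]   # (byte offset, more-fragments flag, payload)
TINY = 24  # assumed threshold: frag-1 and frag-2 use 8- and 24-byte fragments

def analyze(frags: List[Frag]) -> Tuple[Set[str], bytes, bytes]:
    """Walk one datagram's fragments in arrival order.

    Returns (findings, first-wins reassembly, last-wins reassembly).
    """
    findings: Set[str] = set()
    first: Dict[int, int] = {}   # offset -> byte, earliest arrival kept
    last: Dict[int, int] = {}    # offset -> byte, latest arrival kept
    high = -1                    # highest start offset seen so far
    for i, (off, mf, data) in enumerate(frags):
        if mf and len(data) <= TINY:
            findings.add("tiny-fragment")
        if off < high:
            findings.add("out-of-order")
        if not mf and i != len(frags) - 1:
            findings.add("last-fragment-early")
        high = max(high, off)
        overlap = [k for k in range(off, off + len(data)) if k in first]
        if overlap:
            same = all(first[k] == data[k - off] for k in overlap)
            findings.add("duplicate" if same else "conflicting-overlap")
        for k, b in enumerate(data, start=off):
            first.setdefault(k, b)
            last[k] = b

    def build(m: Dict[int, int]) -> bytes:
        # Assumes no holes remain; a real reassembler would also check coverage.
        return bytes(m[k] for k in sorted(m))

    return findings, build(first), build(last)

# Constructed sample fragments of one benign request (not captured traffic).
ORDERED = [(0, True, b"GET /ind"), (8, True, b"ex.html "), (16, False, b"HTTP/1.0")]
OVERLAP = ORDERED[:2] + [(8, True, b"EX.HTML ")] + ORDERED[2:]
LAST_FIRST = [ORDERED[2], ORDERED[0], ORDERED[1]]

if __name__ == "__main__":
    for name, sample in [("ordered", ORDERED), ("overlap", OVERLAP),
                         ("last-first", LAST_FIRST)]:
        found, first_wins, last_wins = analyze(sample)
        print(name, sorted(found), first_wins, last_wins)
```

When the two reassemblies differ, a sensor has to rebuild the datagram the same way the protected host does, otherwise it inspects different bytes than the host receives.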