lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BCB333B4.14AE6%gandalf@digital.net>
Date: Mon, 26 Apr 2004 21:46:28 -0500
From: Gandalf The White <gandalf@...ital.net>
To: BugTraq <bugtraq@...urityfocus.com>
Cc: Ken Hollis <gandalf@...ital.net>
Subject: Source Code To Test IPv4 fragmentation --> The Rose Attack


Greetings and Salutations:

I have updated the instructions for the Rose Fragmentation Attack and
clarified the attack (per some questions that have been asked).  The
instructions are now at the following URL:
http://digital.net/~gandalf/Rose_Frag_Attack_Explained.txt

Specifically I have added the links to two pieces of software that have been
written to test this attack:
Laurent Constantin was kind enough to program this attack from the below
somewhat unwieldy set of instructions.  The program can be found at the
following URL:
http://digital.net/~gandalf/RoseAttackv1.txt

Chuck (at) lemure.net found that he could spike the CPU of a Windows 200
machine to 100 percent with his code:
http://digital.net/~gandalf/RoseAttackv2.txt

Chuck's explanation:
I have just been playing around with the timing on the second one.  What I
have discovered is CPU only spikes for reassembling fragments for packets
that already exist (ie, if you run incre_frag once, then ctrl-c and start
again, the CPU and resources won't go through the moon).  Compiles on
redhat-9.0

If you have any questions please feel free to ask me.

Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ