rosefrag.py (not yet verified)




News:

 29-04-2004:Update - fixed a problem with random numbers. fixed a problem with the id
29-04-2004:Initial Relase of rosefrag.py

Introduction:


rosefrag.py is a Script that shows how the "Rose Frag" called IP Fragmentation attack works. (Described in Rose_Frag_Attack_Explained.txt).
The program sends a large amount of Fragmented IP Packets (Containing TCP, but this is not relevant). They are sent in pairs of 2. The first one at frag Offset 1 (Byte 8), the second one at frag offset 16330 (Byte 65324). The IP Stack on the Target host has to allocate memory for the packet reassembly ~64k. If enough such fragment pairs are sent to the target host, so that he can not allocate more memory, the host should refuse all packets that need to be reassembled. Resulting in a Denial of Service.

Requirements:

python (2.2 should do)
Scapy

Usage:



rosefrag.py [-q] [-v] [-c <count>] <dstip> <srcip>

-q
 Quiet mode.
-v
 Verbose mode.
-c
 Sends <count> Packets. 0 means send an infinite Number of Packets
<dstip>
 Destination IP (No support for hostnames)
<srcip>
 Source IP (No support for hostnames), 0.0.0.0 means random IP for each Packet


example: rosefrag.py -q -c 1000 10.0.0.1 0.0.0.0

Download:


rosefrag.py (first release)
rosefrag.tgz Bundled with scapy

Known Problems:

None yet.

Note of the Author:


The only purpose of this Program is to show the Problem with the reassembly of Fragmented Packets. You are not allowed to use it to achieve damage on Systems which you do not own.



Related:


None yet.
r3d5un <r3d5un - at - tznetz.com>