I want to examin whether some OSs have an endurance against
"IP Fragment Attack" (Signature ID:1100), and want to detect
the psudo-attack by SecureIDS 4210 (3.1(2)S29).
In NSDB, it is described that the trigger of
"IP Fragment Attack" is IP datagram with an offset value
less than 5 but greater than 0 indicated in the offset field.
So I tried a network tool able to send custom IP packets,
but the psude-attack was not detected.
(I tried hping2, http://www.hping.org.)
Are there any conditions set as datagram in addition to
an offset value to detect "IP Fragment Attack" ?
And, is detectable datagram generable,
if which tool is used and which options are set up?
NTT DATA SECURITY CORPORATION, Japan