Cisco Support Community

Conditions to detect "IP Fragment Attack" (Signature ID 1100)

Hi

I want to examine whether some OSs have endurance against "IP Fragment Attack" (Signature ID: 1100), and want to detect the pseudo-attack with SecureIDS 4210 (3.1(2)S29).

In the NSDB, it is described that the trigger of "IP Fragment Attack" is an IP datagram with an offset value less than 5 but greater than 0 indicated in the offset field.

So I tried a network tool able to send custom IP packets, but the pseudo-attack was not detected. (I tried hping2, http://www.hping.org.)

Are there any conditions on the datagram, in addition to an offset value, needed to detect "IP Fragment Attack"?

And which tool, with which options set, can generate a detectable datagram?

Thank you.

Chiaki Hanyu

NTT DATA SECURITY CORPORATION, Japan
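
The offset condition quoted from the NSDB above, as an added example that is not part of the original post and is not Cisco's signature logic: it parses the flags/fragment-offset word of a raw IPv4 header and applies `0 < offset < 5`. The function names and sample headers are constructed here, and comparing against the raw field value (which counts 8-byte units) is an assumption.

```python
import struct

def ipv4_fragment_fields(packet: bytes):
    """Return (more_fragments, offset_units) parsed from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    # Bytes 6-7: 3 flag bits (reserved, DF, MF) followed by a 13-bit offset.
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    more_fragments = bool(flags_frag & 0x2000)
    offset_units = flags_frag & 0x1FFF  # counted in 8-byte units, not bytes
    return more_fragments, offset_units

def matches_offset_condition(packet: bytes) -> bool:
    """Condition as quoted in the post: offset greater than 0 and less than 5.
    Assumption: the comparison uses the raw field value (8-byte units)."""
    _, offset_units = ipv4_fragment_fields(packet)
    return 0 < offset_units < 5

def describe(packet: bytes) -> dict:
    """Summarise the fragment fields for triage or for checking a capture."""
    more_fragments, offset_units = ipv4_fragment_fields(packet)
    return {
        "more_fragments": more_fragments,
        "offset_units": offset_units,
        "offset_bytes": offset_units * 8,
        "matches": 0 < offset_units < 5,
    }

def build_header(offset_units: int, more_fragments: bool = False) -> bytes:
    """Constructed 20-byte sample header (checksum 0, documentation addresses)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))

if __name__ == "__main__":
    # Constructed samples: unfragmented, two offsets in range, one at the bound.
    for units, mf in [(0, False), (1, True), (4, False), (5, False)]:
        print(describe(build_header(units, mf)))
```

Running `describe` over headers taken from a capture at the sensor's interface shows whether the offset field on the wire holds the value the test intended.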
