[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-sun
Subject: IP fragmentation
From: "Kuk-hyeon Lee" <errai () hitel ! net>
Date: 2001-12-04 1:28:25
[Download RAW message or body]
Hi all. I making IDS evasion tool in Solaris. and I want to fragment ip
header
with LIBNET in Solaris 8. But I succeed it in Linux system, failed in
Solaris System.
I used IP_MF frag, but all packets have [DF] frag.
ex1) nomal packet (in Linux)
12.102.204.28 > 10.3.56.2: (frag 666:1480@60680+)
12.102.204.28 > 10.3.56.2: (frag 666:1480@62160+)
ex2) wrong packet(in Solaris)
22:19:06.566965 12.102.204.28 > 10.3.56.2: icmp: echo request (DF)
22:19:06.567009 12.102.204.28 > 10.3.56.2: icmp: echo request (DF)
(Don't fragmentation)
ex1 and ex2 is same source. Solaris kernel working something to obstruct
fragmentation packet? or Libnet's problem?
Thanks in advance.
--
Lee, Kuk-hyeon
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic