
List:       focus-sun
Subject:    IP fragmentation
From:       "Kuk-hyeon Lee" <errai () hitel ! net>
Date:       2001-12-04 1:28:25

Hi all. I am making an IDS evasion tool on Solaris, and I want to fragment
the IP header with LIBNET on Solaris 8. I succeeded on a Linux system, but
it failed on a Solaris system.
I used the IP_MF flag, but all packets have the [DF] flag.

ex1) normal packet (on Linux)
12.102.204.28 > 10.3.56.2: (frag 666:1480@60680+)
12.102.204.28 > 10.3.56.2: (frag 666:1480@62160+)

ex2) wrong packet (on Solaris)
22:19:06.566965 12.102.204.28 > 10.3.56.2: icmp: echo request (DF)
22:19:06.567009 12.102.204.28 > 10.3.56.2: icmp: echo request (DF)
(Don't Fragment)

ex1 and ex2 are from the same source. Is the Solaris kernel doing something
to obstruct fragmented packets, or is it Libnet's problem?

Thanks in advance.

--
Lee, Kuk-hyeon
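
Added example, not part of the original message: a small C decoder for the IPv4 flags/fragment-offset field, for checking from a capture whether a packet carries MF and an offset (as in ex1) or DF (as in ex2). The sample headers are constructed, and the names parse_frag, is_fragment and describe belong to this example, not to libnet.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_DF      0x4000u  /* don't fragment */
#define IP_MF      0x2000u  /* more fragments follow */
#define IP_OFFMASK 0x1fffu  /* fragment offset, in 8-byte units */

struct frag_info {
    unsigned id, offset, payload;  /* IP id, offset in bytes, bytes after the IP header */
    int df, mf;                    /* flag bits */
};

/* Decode an on-the-wire IPv4 header; returns 0, or -1 if it is not a plausible header. */
int parse_frag(const uint8_t *h, size_t len, struct frag_info *out)
{
    if (len < 20 || (h[0] >> 4) != 4) return -1;
    unsigned ihl = (h[0] & 0x0fu) * 4u;             /* header length in bytes */
    unsigned total = ((unsigned)h[2] << 8) | h[3];  /* total length, big-endian */
    unsigned off = ((unsigned)h[6] << 8) | h[7];    /* flags + offset, big-endian */
    if (ihl < 20 || ihl > len || total < ihl) return -1;
    out->id = ((unsigned)h[4] << 8) | h[5];
    out->df = (off & IP_DF) != 0;
    out->mf = (off & IP_MF) != 0;
    out->offset = (off & IP_OFFMASK) * 8u;
    out->payload = total - ihl;
    return 0;
}

/* A packet is a fragment if MF is set or its offset is non-zero. */
int is_fragment(const struct frag_info *f) { return f->mf || f->offset != 0; }

/* Render in the style of the tcpdump lines quoted in the message. */
int describe(const struct frag_info *f, char *buf, size_t n)
{
    if (is_fragment(f))
        return snprintf(buf, n, "(frag %u:%u@%u%s)", f->id, f->payload, f->offset, f->mf ? "+" : "");
    return snprintf(buf, n, "%s", f->df ? "(DF)" : "");
}

/* Constructed sample headers (not captured traffic); checksum bytes left zero. */
const uint8_t SAMPLE_MF[20] = {0x45,0,0x05,0xdc, 0x02,0x9a,0x3d,0xa1, 64,1,0,0, 12,102,204,28, 10,3,56,2};
const uint8_t SAMPLE_DF[20] = {0x45,0,0x00,0x54, 0x02,0x9a,0x40,0x00, 64,1,0,0, 12,102,204,28, 10,3,56,2};

int main(void)
{
    struct frag_info f; char buf[64] = "";
    if (parse_frag(SAMPLE_MF, sizeof SAMPLE_MF, &f) == 0) { describe(&f, buf, sizeof buf); puts(buf); }
    if (parse_frag(SAMPLE_DF, sizeof SAMPLE_DF, &f) == 0) { describe(&f, buf, sizeof buf); puts(buf); }
    return 0;
}
```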
