========== fragrouter ========== What is fragrouter? ------------------- Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. This program was written in the hopes that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best. Conceptually, fragrouter is just a one-way fragmenting router - IP packets get sent from the attacker to the fragrouter, which transforms them into a fragmented data stream to forward to the victim. attack fragmented attack +-------+ +------------+ +--------+ | hax0r |------->| fragrouter |- - - - - - - - - - ->| victim | +-------+ +------------+ | +--------+ V +------+------+ | network IDS | +-------------+ Most network IDSs fall victim to this attack-hiding technique because they don't bother to reconstruct a coherent view of the network data (via IP fragmentation and TCP stream reassembly). What systems does fragrouter support? ------------------------------------- Fragrouter is fairly portable, relying on libpcap and libnet for packet capture and raw IP packet construction. Fragrouter has been successfully tested on - OpenBSD 2.x - FreeBSD 3.x - BSD/OS 3.x - Redhat Linux 5.x - Solaris 2.x Who can use fragrouter? ----------------------- Fragrouter is licensed under a BSD-style license, as in the included LICENSE file. Please read the license to make sure it's okay to use it in your circumstances. Contact info? ------------- The primary fragrouter site is http://www.anzen.com/research/nidsbench/ Please send bug reports, comments, or questions about this software to . --- $Id: README,v 1.15 1999/07/29 15:52:32 dugsong Exp $