Manual Page - fragroute(8)


Manual Reference Pages  - FRAGROUTE (8)

NAME

fragroute - intercept, modify, and rewrite egress traffic

CONTENTS

Synopsis
Description
Ruleset
Examples
Files
Author
Bugs

SYNOPSIS

fragroute [-f file] host

DESCRIPTION

fragroute intercepts, modifies, and rewrites egress traffic destined for the specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998.

The options are as follows:

-f file
  Read ruleset from the specified file instead of /usr/local/etc/fragroute.conf.

Unlike fragrouter(8), this program only affects packets originating from the local machine destined for a remote host. Do not enable IP forwarding on the local machine.

RULESET

fragroute is composed of several modules which enable various configuration directives. Each directive operates on a logical packet queue handed to it by the previous rule.

# string ...
  Ruleset comment, no-op.
delay first|last|random ms
  Delay the delivery of the first, last, or a randomly selected packet from the queue by ms milliseconds.
drop first|last|random prob-%
  Drop the first, last, or a randomly selected packet from the queue with a probability of prob-% percent.
dup first|last|random prob-%
  Duplicate the first, last, or a randomly selected packet from the queue with a probability of prob-% percent.
echo string ...
  Echo the string argument(s) to standard output.
ip_chaff dup|opt|ttl
  Interleave IP packets in the queue with duplicate IP packets containing different payloads, either scheduled for later delivery, carrying invalid IP options, or bearing short time-to-live values.
ip_frag size [old|new]
  Fragment each packet in the queue into size-byte IP fragments, preserving the complete transport header in the first fragment. Optional fragment overlap may be specified as old or new, to favor older or newer data, respectively.
ip_opt lsrr|ssrr ptr ip-addr ...
  Add IP options to every packet, to enable loose or strict source routing. The route should be specified as a list of IP addresses, and a bytewise pointer into them (e.g. the minimum ptr value is 4).
ip_ttl ttl
  Set the IP time-to-live value of every packet to ttl.
ip_tos tos
  Set the IP type-of-service bits for every packet to tos.
order random|reverse
  Re-order the packets in the queue randomly, or in reverse.
print
  Print each packet in the queue in tcpdump-style format.
tcp_chaff cksum|null|paws|rexmit|seq|syn|ttl
  Interleave TCP segments in the queue with duplicate TCP segments containing different payloads, either bearing invalid TCP checksums, null TCP control flags, older TCP timestamp options for PAWS elimination, faked retransmits scheduled for later delivery, out-of-window sequence numbers, requests to re-synchronize sequence numbers mid-stream, or short time-to-live values.
tcp_opt mss|wscale size
  Add TCP options to every TCP packet, to set the maximum segment size or window scaling factor.
tcp_seg size [old|new]
  Segment each TCP data segment in the queue into size-byte TCP segments. Optional segment overlap may be specified as old or new, to favor older or newer data, respectively.

EXAMPLES

Fragment all traffic to a Windows host into forward-overlapping 8-byte fragments (favoring older data), reorder randomly, and print to standard output:

        ip_frag 8 old
        order random
        print

Segment all TCP data to a host into forward-overlapping 4-byte segments (favoring newer data), interleave with overwriting, random chaff segments bearing older timestamp options for PAWS elimination, reorder randomly, and print to standard output:

        tcp_seg 4 new
        tcp_chaff paws
        order random
        print
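
An added example, not part of the fragroute manual or its source: a small Python model of why the old|new overlap choice in ip_frag and tcp_seg matters to a network sensor. It reassembles constructed (offset, data) fragments under both policies and lists the offsets where overlapping fragments disagree; the function names and sample data are assumptions made for illustration.

```python
"""Constructed model (not fragroute code): overlap policy decides what gets reassembled."""


def reassemble(fragments, policy):
    """Rebuild a buffer from (offset, bytes) fragments given in arrival order.

    policy="old": bytes already received are kept (first writer wins).
    policy="new": later arrivals overwrite earlier bytes (last writer wins).
    """
    if policy not in ("old", "new"):
        raise ValueError("policy must be 'old' or 'new'")
    buf = {}  # byte offset -> byte value
    for offset, data in fragments:
        for i, b in enumerate(data):
            pos = offset + i
            if policy == "new" or pos not in buf:
                buf[pos] = b
    if not buf:
        return b""
    end = max(buf) + 1
    if len(buf) != end:
        raise ValueError("hole in reassembled data")
    return bytes(buf[i] for i in range(end))


def conflicting_overlaps(fragments):
    """Return sorted offsets where two fragments carry different bytes.

    An honest retransmission repeats identical bytes. Different bytes at the
    same offset mean the result depends on the receiver's policy, so a sensor
    cannot know what the end host saw and should raise an alert.
    """
    seen, conflicts = {}, set()
    for offset, data in fragments:
        for i, b in enumerate(data):
            if seen.setdefault(offset + i, b) != b:
                conflicts.add(offset + i)
    return sorted(conflicts)


# Constructed sample: the second 8-byte fragment overlaps the first by 4 bytes.
SAMPLE = [(0, b"AAAAAAAA"), (4, b"bbbbBBBB"), (12, b"CCCC")]

if __name__ == "__main__":
    print("favor old:", reassemble(SAMPLE, "old"))
    print("favor new:", reassemble(SAMPLE, "new"))
    print("conflicting offsets:", conflicting_overlaps(SAMPLE))
```

A sensor that reassembles with one policy while the protected host uses the other inspects a byte stream the host never receives, which is why conflicting overlaps are worth alerting on regardless of the reassembled content.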

FILES

/usr/local/etc/fragroute.conf
  Default configuration ruleset

SEE ALSO

fragtest(8)

AUTHOR

Dug Song <dugsong@monkey.org>

BUGS

It is entirely possible to mangle your outgoing traffic so badly that no remote TCP/IP stack will accept it. K.I.S.S.

Generated by manServer 1.07 from /usr/local/man/man8/fragroute.8 using man macros.

Copyright 2020, IronGeek