README

                              ==========
                              fragrouter
                              ==========

What is fragrouter?
-------------------

Fragrouter is a network intrusion detection evasion toolkit. It
implements most of the attacks described in the Secure Networks
"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion
Detection" paper of January 1998.

This program was written in the hopes that a more precise testing
methodology might be applied to the area of network intrusion
detection, which is still a black art at best.

Conceptually, fragrouter is just a one-way fragmenting router - IP
packets get sent from the attacker to the fragrouter, which transforms
them into a fragmented data stream to forward to the victim.

              attack                  fragmented attack
      +-------+        +------------+                      +--------+
      | hax0r |------->| fragrouter |- - - - - - - - - - ->| victim |
      +-------+        +------------+           |          +--------+
                                                V
                                         +------+------+
                                         | network IDS |
                                         +-------------+

Most network IDSs fall victim to this attack-hiding technique because
they don't bother to reconstruct a coherent view of the network data
(via IP fragmentation and TCP stream reassembly).
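
An added example (not part of fragrouter or its README) of the sensor-side
check described above: the same constructed fragments are tested one packet
at a time and again after IP fragment reassembly. The hosts, the marker
string and the function names are assumptions; fragment data stands in for
the inspected byte stream, and TCP stream reassembly is left out.

```python
from collections import defaultdict

SIGNATURE = b"SIGNATURE-UNDER-TEST"  # constructed marker standing in for an IDS rule
SAMPLE = b"GET /" + SIGNATURE + b" HTTP/1.0\r\n\r\n"  # constructed payload

def split(payload, size=8):
    """Constructed input: one datagram cut into 8-byte fragments (hypothetical hosts)."""
    return [dict(src="192.0.2.10", dst="192.0.2.20", proto=6, id=0x1234, offset=o,
                 mf=o + size < len(payload), data=payload[o:o + size])
            for o in range(0, len(payload), size)]

def reassemble(fragments):
    """Return (payloads, anomalies) for fragments grouped by (src, dst, proto, id).

    payloads holds only datagrams with no holes; anomalies holds keys whose
    fragments overlap with different bytes or extend past the final fragment.
    """
    groups = defaultdict(list)
    for f in fragments:
        groups[(f["src"], f["dst"], f["proto"], f["id"])].append(f)
    payloads, anomalies = {}, set()
    for key, frags in groups.items():
        ends = [f["offset"] + len(f["data"]) for f in frags if not f["mf"]]
        if not ends:
            continue  # final fragment (MF clear) not seen yet
        total = max(ends)
        buf, seen = bytearray(total), [False] * total
        for f in frags:
            for i, byte in enumerate(f["data"], start=f["offset"]):
                if i >= total or (seen[i] and buf[i] != byte):
                    anomalies.add(key)  # ambiguous stream: alert, do not guess
                    break
                buf[i], seen[i] = byte, True
        if all(seen) and key not in anomalies:
            payloads[key] = bytes(buf)
    return payloads, anomalies

def per_packet_match(fragments):
    """Naive sensor: test each fragment on its own."""
    return any(SIGNATURE in f["data"] for f in fragments)

def reassembled_match(fragments):
    """Sensor that rebuilds the datagram first, as the end host would."""
    payloads, anomalies = reassemble(fragments)
    return any(SIGNATURE in p for p in payloads.values()), anomalies

if __name__ == "__main__":
    frags = list(reversed(split(SAMPLE)))  # out-of-order arrival
    print("per-packet:", per_packet_match(frags))
    print("reassembled:", reassembled_match(frags))
```

Datagrams with conflicting overlaps are reported as anomalies rather than
matched, because the sensor cannot know which copy the end host will keep.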

What systems does fragrouter support?
-------------------------------------

Fragrouter is fairly portable, relying on libpcap and libnet for
packet capture and raw IP packet construction.

Fragrouter has been successfully tested on

	- OpenBSD 2.x
	- FreeBSD 3.x
	- BSD/OS 3.x
	- Redhat Linux 5.x
	- Solaris 2.x

Who can use fragrouter?
-----------------------

Fragrouter is licensed under a BSD-style license, as in the included
LICENSE file. Please read the license to make sure it's okay to use it
in your circumstances.

Contact info?
-------------

The primary fragrouter site is

	http://www.anzen.com/research/nidsbench/

Please send bug reports, comments, or questions about this software to
<nidsbench@anzen.com>.


---
$Id: README,v 1.15 1999/07/29 15:52:32 dugsong Exp $