1 2Building fragrouter 3------------------- 4 5To build fragrouter on a supported platform: 6 7 % ./configure ; make 8 9If you get it to work on a platform not listed above, please let us 10know! 11 12Installing fragrouter 13--------------------- 14 15To install fragrouter, as root: 16 17 # make install 18 19This will install the fragrouter binary and man page (by default, 20/usr/local/sbin/fragrouter and /usr/local/man/man8/fragrouter.8). 21 22Running fragrouter 23------------------ 24 25Fragrouter can not be used to fragment traffic originating from the 26same machine on which it runs. This is by design, to help prevent 27abuse of this software. 28 29To fragment all attacks going from host hax0r to host victim, via 30fragrouter running on host middleman, do the following: 31 321. On host hax0r, set a host route to victim through middleman: 33 34 # route add victim middleman 35 add host victim: gateway middleman 36 372. Start fragrouter running on host middleman: 38 39 # fragrouter -F1 40 fragrouter: frag-1 started 41 423. Send attacks normally from hax0r to victim. Fragrouter on middleman 43 will accept traffic from hax0r, fragment it, and forward the 44 transformed stream to victim. The return path will NOT go through 45 the fragrouter. 46 474. To stop fragrouter, hit ^C (control-c). 48 49Known Problems 50-------------- 51 52Fragrouter will NOT fragment traffic originating from the host it's 53running on. This was a conscious design decision, to help prevent 54abuse of this software. 55 56Fragrouter and the attacking machine need to be on the same network 57segment (behind a router), while the victim host needs to be on a 58separate network entirely. This is because the route from the attacker 59to the victim is asymmetric when fragrouter is running. 60 61The machine running fragrouter should not be running a sniffer (or any 62other program which sets the interface in promiscuous mode). Although 63fragrouter will still work, the latency in resending packets will be 64much worse. 65 66This is only proof-of-concept test code. Works for me. YMMV. 67 68Troubleshooting 69--------------- 70 71Fragrouter will print a tcpdump-style output line for every 72packet/fragment it forwards. If you aren't seeing ANY output, 73fragrouter isn't accepting any packets. 74 75To aid in debugging, recompile fragrouter with -DDEBUG added to the 76CFLAGS line of the auto-generated top-level Makefile. This will make 77fragrouter's output a bit more verbose. 78 79 80--- 81$Id: INSTALL,v 1.8 1999/05/27 04:18:45 dugsong Exp $ 82