[nsp] Fragmentation DoS

date nobu@7501.net
Sun, 20 Oct 2002 05:29:05 +0900 (JST)


To whom this may concern:

 It seems that when I run fragrouter-1.7 with a combination of
 -F3, -F4, -F5, and -T7 options, my cisco vg2000 running ios12 crashes.
 I've tested this with fragrouter 1.6 and 1.5, but have not
 been able to crash my ciscos yet. To crash my vg2000 remotely
 with fragrouter-1.7 it usually takes about 15-20 tries. Maybe there
 is some sort of race condition occurring? I have also encountered
 the same types of problems with the linux 2.4.x series of kernels.

 Here are the sources I have been testing with:
 www.anzen.com/archive/research/fragrouter-1.7.tar.gz
 www.anzen.com/archive/research/fragrouter-1.6.tar.gz

 Here is my cisco version information:

Cisco Internetwork Operating System Software
IOS (tm) VG200 Software (VG200-I6S-M), Version 12.1(5)XM, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 19-Dec-00 12:49 by beliu
Image text-base: 0x80008088, data-base: 0x80822768

ROM: System Bootstrap, Version 12.1(1r) [phanguye 1r], RELEASE SOFTWARE (fc1)
ROM: VG200 Software (VG200-I6S-M), Version 12.1(5)XM, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

VG200 uptime is 0 day, 0 hours, 7 minutes
System returned to ROM by power-on
System image file is "flash:vg200-i6s-mz.121-5.XM.bin"

cisco VG200 (MPC860) processor (revision 0x102) with 24576K/8192K bytes of memory.
Processor board ID JAB0534027Y (0)
M860 processor: part number 0, mask 49
Channelized E1, Version 1.0.
Primary Rate ISDN software, Version 1.1.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
1 Channelized E1/PRI port(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

 Thanks for your time

 - nobu