[nsp] Fragmentation DoS
date
nobu@7501.net
Sun, 20 Oct 2002 05:29:05 +0900 (JST)
To whom this may concern:
It seems that when I run fragrouter-1.7 with a combination of
-F3, -F4, -F5, and -T7 options, my cisco vg2000 running ios12 crashes.
I've tested this with fragrouter's 1.6 and 1.5, but have not
been able to crash my cisco's yet. To crash my vg2000 remotely
with fragrouter-1.7 it usually takes about 15-20 tries. Maybe there
is some sort of race condition occuring? I have also encountered
the same types of problems with the linux 2.4.x series of kernels.
Here are the sources I have been testing with:
www.anzen.com/archive/research/fragrouter-1.7.tar.gz
www.anzen.com/archive/research/fragrouter-1.6.tar.gz
Here is my cisco version information:
Cisco Internetwork Operating System Software
IOS (tm) VG200 Software (VG200-I6S-M), Version 12.1(5)XM, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 19-Dec-00 12:49 by beliu
Image text-base: 0x80008088, data-base: 0x80822768
ROM: System Bootstrap, Version 12.1(1r) [phanguye 1r], RELEASE SOFTWARE (fc1)
ROM: VG200 Software (VG200-I6S-M), Version 12.1(5)XM, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
VG200 uptime is 0 day, 0 hours, 7 minutes
System returned to ROM by power-on
System image file is "flash:vg200-i6s-mz.121-5.XM.bin"
cisco VG200 (MPC860) processor (revision 0x102) with 24576K/8192K bytes of memory.
Processor board ID JAB0534027Y (0)
M860 processor: part number 0, mask 49
Channelized E1, Version 1.0.
Primary Rate ISDN software, Version 1.1.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
1 Channelized E1/PRI port(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Thanks for your time
- nobu
.