There is a bit of discussion on the Bugtraq list about a new Fragmentation Attack that seems to be able to take out most operating systems. The author has named it the Rose Attack. Will be interesting to see where this goes.
Of the machines I have had access to, this attack has caused any number of the following problems:1) Causes the CPU to spike, thus exhausting processor resources.
2) Legitimate fragmented packets are dropped intermittently (unfragmented packets get through fine)
3) Legitimate fragmented packets are no longer accepted by the machine under attack (unfragmented packets get through fine) until the fragmentation time exceeded timers expire.
4) Devices like Cisco routers can have Buffer overflow, i.e. packets are dropped at high packet rates if there aren't enough buffers allocated.The following devices were tested and showed some or all of the above
symptoms:
1) Microsoft Windows 2000
2) Mandrake Linux 9.2
2) Cisco 2621XM
3) PIX Firewall
4) Mac OS/X V10.2.8 (FreeBSD 5?)
Nasty.
Leave a comment