In addition to Priscilla's comments, sending IP/TCP/UDP fragments is a useful way to fingerprint a host's OS. The response from the fragmented packet(s) can be used as a clue to determine what OS/platform is running on the other end. Nmap, among many other tools, has options to send fragmented packets in a variety of ways. Check out http://www.insecure.org for some informative white papers on OS fingerprinting.
- Sean

-----Original Message-----
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 23, 2002 4:18 AM
To: [EMAIL PROTECTED]
Subject: ACLs, TCP segments, and the "fragments" keyword [7:32922]

Looking at extended ACLs I see there's an option to define ACL statements which can key on whether the IP packet contains a fragment. Besides for NAT purposes, could someone provide me with a scenario where one would need to develop an ACL to key on IP packets carrying fragments? I'd be particularly interested in situations where one might want to block a TCP application and decided that one had to block traffic to the TCP port as well as fragments going to the server.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33136&t=32922
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
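The scenario bergenpeak asks about turns on one fact: only the initial fragment of a datagram carries the TCP/UDP header, so a non-initial fragment has no port numbers for a port-based ACL entry to match. The following is an added example, not code or configuration from the thread or from Cisco: a small Python model that builds two constructed fragments of one TCP segment (addresses 192.0.2.10 and 10.1.1.1 are assumptions), parses the IPv4 header for the fragment offset, and evaluates them against two ACLs. The matching rules follow a simplified reading of how IOS documents fragment handling (an entry with port information cannot deny a non-initial fragment and is skipped; a layer-3-only entry or an entry with the `fragments` keyword can); treat that model as an assumption, not as a specification of the platform.

```python
import struct

# --- Constructed sample packets (not from the thread) ------------------------
# One TCP SYN to port 23 on 10.1.1.1, split into an initial fragment that carries
# the 20-byte TCP header plus 4 data bytes (24 bytes = 3 eight-byte units) and a
# non-initial fragment at offset 3 that carries only data.

def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def ipv4_header(src: str, dst: str, proto: int, ident: int,
                more_frags: bool, frag_offset_units: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header. The checksum is left zero: we parse, never send."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))

TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 23, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
FRAG_INITIAL = ipv4_header("192.0.2.10", "10.1.1.1", 6, 0xBEEF, True, 0, 24) + TCP_HDR + b"abcd"
FRAG_TAIL = ipv4_header("192.0.2.10", "10.1.1.1", 6, 0xBEEF, False, 3, 16) + b"x" * 16

PROTO = {"tcp": 6, "udp": 17}

def parse(pkt: bytes) -> dict:
    """Extract the fields an ACL can see. Ports exist only in the initial fragment."""
    vihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    info = {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "proto": proto,
        "offset": flags_frag & 0x1FFF,   # fragment offset in 8-byte units
        "mf": bool(flags_frag & 0x2000),  # more-fragments flag
        "dport": None,
    }
    if info["offset"] == 0 and proto in (6, 17) and len(pkt) >= ihl + 4:
        info["dport"] = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return info

# ACL entries: (action, protocol, destination host or "any", dest port or None,
# fragments keyword). Modelled after IOS extended ACL syntax (assumption).
PORT_ONLY = [
    ("deny", "tcp", "10.1.1.1", 23, False),    # deny tcp any host 10.1.1.1 eq 23
    ("permit", "ip", "any", None, False),      # permit ip any any
]
WITH_FRAGMENTS = [
    ("deny", "ip", "10.1.1.1", None, True),    # deny ip any host 10.1.1.1 fragments
    ("deny", "tcp", "10.1.1.1", 23, False),    # deny tcp any host 10.1.1.1 eq 23
    ("permit", "ip", "any", None, False),      # permit ip any any
]

def evaluate(acl, pkt: bytes) -> str:
    """Return 'permit' or 'deny' for pkt under acl, with an implicit deny at the end."""
    p = parse(pkt)
    non_initial = p["offset"] > 0
    for action, proto, dst, dport, frag_only in acl:
        l3_match = (proto == "ip" or PROTO[proto] == p["proto"]) and dst in ("any", p["dst"])
        if not l3_match:
            continue
        if frag_only:                       # entry applies to non-initial fragments only
            if non_initial:
                return action
            continue
        if dport is None:                   # layer-3-only entry matches every fragment
            return action
        if not non_initial:                 # whole packet or initial fragment: ports visible
            if p["dport"] == dport:
                return action
            continue
        if action == "permit":              # non-initial fragment vs. entry with port info:
            return "permit"                 # permit applies on layer 3, deny is skipped
    return "deny"

if __name__ == "__main__":
    for name, acl in (("port-only ACL", PORT_ONLY), ("ACL with fragments entry", WITH_FRAGMENTS)):
        print(name, "initial:", evaluate(acl, FRAG_INITIAL), "tail:", evaluate(acl, FRAG_TAIL))
```

Under the port-only ACL the initial fragment is denied but the tail fragment slips through on the `permit ip any any` entry, which is exactly the gap the `fragments` keyword closes: the second ACL denies non-initial fragments to the server explicitly before the port entry is ever consulted.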

