"XR Agent" <prp_scat_private> wrote:

> Fpf kernel module by |CyRaX| [cyraxat_private] (www.pkcrew.org) alters
> linux tcp/ip stack to emulate other OS'es against nmap/queso fingerprints
> using parser by FuSyS that reads nmap-os-fingerprints for os emulation
> choice.
>
> However, attempts to send fragmented packets to local or remote machine
> with nmap (-sS -f, -sN -f, -sX -f, -sF -f, -sA -f) or hping (hping -f)
> using host with loaded fpf.o lead to kernel panic ("Aiee, killing
> interrupt handle. Kernel panic: Attempted to kill the idle task ! In
> interrupt handler - not syncing.") if run from console or force immediate
> reboot if the packet sending tool is run from an xterm. When the
> fpf.o-running machine receives nmap / hping fragmented packets from
> remote hosts, the system freezes.
>
> Security through obscurity was never a perfect solution, but in the
> current case there is also a hefty price to pay: complete inability of
> tcp/ip stack of "obscured" machine to deal with packet fragmentation.
>
> Tested on Slackware 7.1 kernel 2.2.16 (i386).
>
> Regards,
>
> _clf3_ (PrP_Scat_private)
>
> Veneficio, ergo sum.

Have you reported this to |CyRaX| himself? I bet you haven't. I reported
this a few months ago, and it has been fixed. I don't know if the version
available at pkcrew.org is updated, but you should at least have notified
|CyRaX| something like a week before you posted this to bugtraq.

Regards
--
Joachim Blaabjerg
styxat_private
www.SuxOS.org
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 11:31:30 PDT