What in the hell is a fragment attack?
Along with an IP address goes a lot of other information about location, time etc. When you send partial information to a remote source, purposefully, the remote source will answer differently, and from this conversation certain things may be determined.
While this may be part of a port scan, and most likely is, I wouldn't be overly concerned, your firewall handles it, and this is just a way of you being notified.
I know this is a vastly oversimplified answer, but the other one would make you fall asleep.
Thanks, Krell.
I hate personal firewall software that calls a random stray packet an "attack".
true. I'd love to see a firewall explain in detail what is what. Even if I fell asleep while reading it
then there's me who doesn't even bother with a software firewall...just using NAT through a router i built with a spare motherboard :tilted
i remember using symantec for a while and it kept saying i was getting hacked...it was annoying so i shut it off hehe
Internet traffic is carried in chunks of data called packets.
Packets have varying lengths. Let's take the case of a packet that is 5000 bytes long.
When sent over the Internet, some parts of the Internet cannot send 5000 bytes at a time. The packet has to be broken up and sent in pieces. This can occur at any router, or "hop" along the path. Once broken up, the separate packets, called "fragments" proceed to the destination separately.
At the final destination the packet is re-assembled as the pieces arrive. If ANY fragments don't arrive, the entire packet is thrown away.
Therefore, a lot of firewalls only stop the FIRST packet. This effectively prevents the entire packet from getting into your system, sort of. Even if the first packet ONLY is blocked, fragments still get in. Of course they are thrown away by your computer when it finds out it can't create a full packet, however, just them getting into your system is enough for two types of attack:
1) A denial of service attack which just makes your computer chew up CPU trying to re-assemble packets that can never be reassembled.
2) Some bug in the re-assembly code might be triggered like any other buffer overflow attack.
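The reassembly behaviour described in the post above, sketched as a defensive buffer that bounds the CPU and memory spent on fragments that can never be completed. This is an added example, not code from the thread or from any firewall product; the key tuple, the 30-second timeout, the 64-entry cap and the drop-on-overlap policy are assumptions chosen for illustration.

```python
import time

MAX_DATAGRAM = 65535   # largest possible IPv4 datagram, in bytes
TIMEOUT = 30.0         # assumed: seconds to wait for missing fragments
MAX_PENDING = 64       # assumed: cap on datagrams held in reassembly

def fragment(data, size=1480):
    """Split a payload into (offset, more_fragments, bytes) tuples."""
    return [(o, o + size < len(data), data[o:o + size])
            for o in range(0, len(data), size)]

class Reassembler:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.pending = {}  # key -> {"t0": start time, "parts": {offset: bytes}, "total": int or None}

    def expire(self):
        """Throw away datagrams whose missing fragments never arrived."""
        stale = [k for k, d in self.pending.items()
                 if self.clock() - d["t0"] > TIMEOUT]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def add(self, key, offset, more_fragments, payload):
        """Feed one fragment; return the whole payload once complete, else None."""
        self.expire()
        end = offset + len(payload)
        if end > MAX_DATAGRAM or (more_fragments and len(payload) % 8):
            self.pending.pop(key, None)       # malformed: drop all state
            return None
        if key not in self.pending and len(self.pending) >= MAX_PENDING:
            return None                       # table full: refuse new state
        d = self.pending.setdefault(
            key, {"t0": self.clock(), "parts": {}, "total": None})
        # Strict policy (assumed): any overlap, even a duplicate, drops the datagram.
        if any(offset < o + len(p) and o < end for o, p in d["parts"].items()):
            del self.pending[key]
            return None
        d["parts"][offset] = payload
        if not more_fragments:
            d["total"] = end                  # last fragment fixes the length
        pos = 0
        for o in sorted(d["parts"]):          # is [0, total) fully covered?
            if o != pos:
                return None
            pos += len(d["parts"][o])
        if pos != d["total"]:
            return None
        del self.pending[key]
        return b"".join(d["parts"][o] for o in sorted(d["parts"]))
```

The key passed to `add` is assumed to be the (source, destination, protocol, identification) tuple that ties fragments of one datagram together.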
with regard to the above, if the first packet is not reached at once the rest of the packets keep coming and your firewall starts acting weird. well norton will do that.
after which that is why settings on a firewall can be tricky. they are not too valid or expressive as to what it means.
hmm there have been cases where packets have been sent to the system legitimately and then the firewall misconstrues it as a DoS attack or whatever.
now i just think that if you think about it that is a stupid bug and i wonder about buffer overflow bugs within?
guess the answer would be yes because that leads to a vulnerability.
:)
its probably possible on that level.
hmm
interesting topic :)
btw i am not going to be liable for my current explanation as i am just curious and i can most definitely be wrong on what i just said.