FRAGROUTE(8)FRAGROUTE(8)NAMEfragroute - intercept, modify, and rewrite egress traffic
SYNOPSISfragroute [-f file] host
DESCRIPTIONfragroute intercepts, modifies, and rewrites egress traffic destined
for the specified host, implementing most of the attacks described in
the Secure Networks ``Insertion, Evasion, and Denial of Service: Elud‐
ing Network Intrusion Detection'' paper of January 1998.
The options are as follows:
-f file
Read ruleset from the specified file instead of /etc/fra‐
groute.conf.
Unlike fragrouter(8), this program only affects packets originating
from the local machine destined for a remote host. Do not enable IP
forwarding on the local machine.
RULESETfragroute is composed of several modules which enable various configu‐
ration directives. Each directive operates on a logical packet queue
handed to it by the previous rule.
# string ...
Ruleset comment, no-op.
delay first|last|random ms
Delay the delivery of the first, last, or a randomly selected
packet from the queue by ms milliseconds.
drop first|last|random prob-%
Drop the first, last, or a randomly selected packet from the
queue with a probability of prob-% percent.
dup first|last|random prob-%
Duplicate the first, last, or a randomly selected packet from
the queue with a probability of prob-% percent.
echo string ...
Echo the string argument(s) to standard output.
ip_chaff dup|opt|ttl
Interleave IP packets in the queue with duplicate IP packets
containing different payloads, either scheduled for later deliv‐
ery, carrying invalid IP options, or bearing short time-to-live
values.
ip_frag size [old|new]
Fragment each packet in the queue into size-byte IP fragments,
preserving the complete transport header in the first fragment.
Optional fragment overlap may be specified as old or new, to
favor newer or older data.
ip_opt lsrr|ssrr ptr ip-addr ...
Add IP options to every packet, to enable loose or strict source
routing. The route should be specified as list of IP addresses,
and a bytewise pointer into them (e.g. the minimum ptr value is
4).
ip_ttl ttl
Set the IP time-to-live value of every packet to ttl.
ip_tos tos
Set the IP type-of-service bits for every packet to tos.
order random|reverse
Re-order the packets in the queue randomly, or in reverse.
print Print each packet in the queue in tcpdump-style format.
tcp_chaff cksum|null|paws|rexmit|seq|syn|ttl
Interleave TCP segments in the queue with duplicate TCP segments
containing different payloads, either bearing invalid TCP check‐
sums, null TCP control flags, older TCP timestamp options for
PAWS elimination, faked retransmits scheduled for later deliv‐
ery, out-of-window sequence numbers, requests to re-synchronize
sequence numbers mid-stream, or short time-to-live values.
tcp_opt mss|wscale size
Add TCP options to every TCP packet, to set the maximum segment
size or window scaling factor.
tcp_seg size [old|new]
Segment each TCP data segment in the queue into size-byte TCP
segments. Optional segment overlap may be specified as old or
new, to favor newer or older data.
EXAMPLES
Fragment all traffic to a Windows host into forward-overlapping 8-byte
fragments (favoring older data), reorder randomly, and print to stan‐
dard output:
ip_frag 8 old
order random
print
Segment all TCP data to a host into forward-overlapping 4-byte segments
(favoring newer data), interleave with overwriting, random chaff seg‐
ments bearing older timestamp options for PAWS elimination, reorder
randomly, and print to standard output:
tcp_seg 4 new
tcp_chaff paws
order random
print
FILES
/etc/fragroute.conf
Default configuration ruleset
SEE ALSOfragtest(8)AUTHOR
Dug Song <dugsong@monkey.org>
BUGS
It is entirely possible to mangle your outgoing traffic so badly that
no remote TCP/IP stack will accept it. K.I.S.S.
FRAGROUTE(8)
