
The number after the @ is the offset. The pathological offset (see notes) is that the second fragment's offset is negative: the 20-byte IP and 8-byte UDP headers alone account for 28, and it says 24.

Please see notes pages for further information

IDIC - SANS GIAC LevelTwo

©2000, 2001

28

This slide is an example of malicious fragmentation, which you learned about during your TCP class. The keys to understanding it will help you if you didn't grasp it the first time. The problem is that the second fragment has an offset less than the amount of data already written by the first fragment. This requires the TCP stack to go backwards, to rewind, something it cannot do. Therefore, the system crashes. Today, most systems are patched against this particular attack, but we expect to see another attack that exploits this inability to perform negative math.

Code fragment from: https://traloihay.net

    /*
     * Send two IP fragments with pathological offsets. We use an implementation
     * independent way of assembling network packets that does not rely on any of
     * the diverse O/S specific nomenclature hindrances (well, linux vs. BSD).
     */
    void send_frags(int sock, u_long src_ip, u_long dst_ip, u_short src_prt,
                    u_short dst_prt)
    {
        u_char *packet = NULL, *p_ptr = NULL;   /* packet pointers */
        u_char byte;                            /* a byte */
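To make the "negative math" concrete from the reassembler's side, here is an added example (not from the slide or from the fragment above) of the overlap-trimming arithmetic a reassembler performs when a new fragment overlaps the end of the previous one, followed by the sanity check that a patched stack applies. The fragment sizes are constructed for illustration: a first fragment of 36 bytes of payload at offset 0 is assumed, and the second uses the slide's offset of 24 with an assumed 4-byte payload.

```c
#include <stdio.h>

/* One IP fragment as a reassembler sees it: byte offset into the datagram
 * (fragment offset field * 8) and the payload length after the IP header. */
struct frag { int offset; int len; };

/* Number of bytes the classic trimming logic would go on to copy for `cur`
 * after discarding the part that overlaps `prev`.  Signed on purpose: with a
 * teardrop pair the second fragment ends before the first one does, so the
 * remaining length comes out negative and a naive copy would use it as a
 * huge unsigned size. */
int trimmed_copy_len(const struct frag *prev, const struct frag *cur)
{
    int prev_end = prev->offset + prev->len;   /* bytes already written */
    int len = cur->len;
    if (prev_end > cur->offset) {
        int overlap = prev_end - cur->offset;  /* prefix already present */
        len -= overlap;                        /* may drop below zero */
    }
    return len;
}

/* Hardened check: returns 1 if the fragment may be spliced in, 0 if it must
 * be dropped because nothing new remains after trimming (the teardrop case)
 * or the fragment is empty to begin with. */
int fragment_is_sane(const struct frag *prev, const struct frag *cur)
{
    if (cur->len <= 0)
        return 0;
    return trimmed_copy_len(prev, cur) > 0;
}

int main(void)
{
    /* Constructed teardrop-style pair: second fragment lies inside the first. */
    struct frag first = { 0, 36 }, second = { 24, 4 };
    printf("remaining length after trim: %d\n", trimmed_copy_len(&first, &second));
    printf("accept second fragment: %d\n", fragment_is_sane(&first, &second));
    return 0;
}
```

A partial overlap (second fragment extending past the end of the first) still yields a positive remaining length and is accepted after trimming; only the fully-contained case trips the check.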

Teardrop, drop, drop, drop