RFProwl exploit - Internet Security Systems

advICE : Intrusions : 2000319
Summary

A TCP header containing more than 20 bytes has been split into multiple frames in an attempt to crash or bypass your intrusion detection system.

Details

Some intrusion detection systems will crash if they receive fragmented frames in which the TCP layer is split across different fragments. Some systems are especially susceptible if the TCP layer is longer than the standard 20 bytes. The product has detected this combination of frames, which almost always indicates a serious attempt by a hacker to crash your IDS.

This attack is dubbed the "RFProwl exploit" because the original program which generated this attack is named rfprowl.c.

The source address is usually spoofed when this attack is seen.
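
The condition described above can be checked on the first fragment of a datagram, as in this added example (not ISS product code). The function and field names and the extra "header-length-unreadable" case are assumptions of the example, and the packets are constructed sample bytes.

```python
import struct

IPPROTO_TCP = 6
MF_FLAG = 0x2000      # "more fragments" bit in the IPv4 flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def check_fragment(packet: bytes):
    """Return a finding dict if this IPv4 fragment cuts a >20-byte TCP header, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or len(packet) < ihl or packet[9] != IPPROTO_TCP:
        return None
    offset = (frag & OFFSET_MASK) * 8
    # Only the first fragment (offset 0, MF set) carries the start of the TCP header.
    if offset != 0 or not frag & MF_FLAG:
        return None
    payload = packet[ihl:min(total_len, len(packet))]
    finding = {"offset": offset, "length": len(payload)}
    if len(payload) < 13:
        # Added edge case: the data-offset byte itself is missing, so the
        # header length cannot be read; report it separately.
        return {**finding, "tcp_header_len": None, "reason": "header-length-unreadable"}
    tcp_hlen = (payload[12] >> 4) * 4
    if tcp_hlen > 20 and len(payload) < tcp_hlen:
        return {**finding, "tcp_header_len": tcp_hlen, "reason": "tcp-header-split"}
    return None

def sample_fragment(tcp_bytes: bytes, mf: bool = True, offset_units: int = 0) -> bytes:
    """Constructed test input: a 20-byte IPv4 header (checksum left zero) plus tcp_bytes."""
    frag = (MF_FLAG if mf else 0) | offset_units
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp_bytes), 1, frag,
                     64, IPPROTO_TCP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + tcp_bytes

# Constructed TCP header with data offset 8 (32 bytes: 20 fixed + 12 of options).
TCP_32 = struct.pack("!HHLLBBHHH", 40000, 80, 0, 0, 8 << 4, 0x02, 1024, 0, 0) + b"\x01" * 12

if __name__ == "__main__":
    print(check_fragment(sample_fragment(TCP_32[:24])))       # header cut inside the options
    print(check_fragment(sample_fragment(TCP_32, mf=False)))  # unfragmented: None
```

A sensor would call `check_fragment` on each captured IPv4 packet before reassembly and alert on any non-`None` result.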

More information

BugtraqID: 1225 - Axent NetProwler Malformed IP Packets DoS Vulnerability
Advisory by rain forest puppy
CVE-2000-0394 - NetProwler 3.0 DoS exploit

Parametric information

expected: The expected value of the fragment offset.
offset: The actual value of the fragment offset.
length: The length of the fragment.

Version appeared: 2.2 
