Bonk / Fragrouter

Bonk is a variant of the Teardrop attack. However, it does not aim to crash the attacked computer, but instead it outsmarts simple port-filter firewalls, which also accept fragmented packets, and penetrates the network that requires protection. This attack uses carefully chosen fragment offsets to overwrite the UDP or TCP header of the first fragment. As a result, simple port-filter firewalls accept the first packet and the associated fragments. By overwriting the header in the second fragment, an apparently legitimate packet suddenly becomes a packet that should actually be blocked in the firewall.

Again, the firewall can either perform re-assembly itself, or it can filter out the erroneous fragment (and all subsequent ones) with the consequences outlined for the other solutions described above.

Note: Ex-factory, all settings are configured to “secure”, i.e. a maximum of 100 half-open connections are allowed from different computers (see SYN flooding), a maximum of 50 half-open connections are allowed from a single computer (see Port scan), and fragmented packets are re-assembled.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo