Although it has probably also been fixed, I am actually talking about what is referred to as an 'Overlapping Fragment Attack', which can be used to bypass a firewall by sending a packet with information in the TCP header containing a port number which is allowed through the firewall; subsequent packets then overwrite the original port number with a port number that is NOT allowed through the firewall, effectively bypassing a firewall rule that denies access to a certain port.

I.e. a packet is sent to the target requesting access to port 21, which is allowed to anybody through the firewall. This fragment has an offset of 0. The second packet only contains the first 8 bytes of the header, and overwrites the original requested port 21 [allowed through the firewall] with a request for port 22 [not allowed by the firewall], overwriting the original port 21 destination request. Packet 2 = (Fragment offset = 0; length = 8). The 3rd and final packet contains the remainder of the packet from the second packet and completes the request. Packet 3 = (Fragment offset >= 2; length = remainder of packet 2). These are reassembled by the target, allowing access to port 22 by a host which was supposed to be blocked by a firewall rule.

I assume this has also been fixed? This was the actual vulnerability that I wanted to set up and research. I know that at one time, ipchains was vulnerable to this attack.

If this has been since fixed, does anyone know at approx. what version it was fixed, and if a previous version can still be obtained?

Thanks.
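A defender-side model of the three-fragment sequence described above, added here as an example (it is not the poster's code): it applies the RFC 1858 tiny-fragment and FO=1 checks, flags every byte overlap between fragments, and shows that the destination port seen after reassembly depends on the reassembly policy, which is why a filter that inspects only the first fragment cannot enforce a port rule. The header fields and the port numbers 21/22 are constructed test data.

```python
"""Overlap-aware check of IP fragments carrying a TCP header.
Added example, not from the original post. Fragments are modelled as
(fragment_offset_in_8_byte_units, payload_bytes); IP headers are omitted."""
import struct

TMIN = 16  # bytes of TCP header a first fragment should carry (RFC 1858 tmin)

def tcp_header(sport, dport, seq=1, ack=0, flags=0x02):
    """Build a minimal 20-byte TCP header (constructed test data, SYN by default)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)

def analyse(frags, policy="last"):
    """Reassemble fragments and record every anomaly a filter should act on.
    policy: 'last' lets a later fragment overwrite bytes already received,
    'first' keeps the bytes that arrived first. Returns (findings, dport)."""
    findings, buf = [], {}
    for offset, payload in frags:
        start = offset * 8
        if offset == 0 and len(payload) < TMIN:
            findings.append("tiny first fragment (FO=0, len=%d)" % len(payload))
        if offset == 1:
            findings.append("fragment with FO=1 (RFC 1858 rule)")
        overlap = [i for i in range(start, start + len(payload)) if i in buf]
        if overlap:
            rewritten = any(buf[i] != payload[i - start] for i in overlap)
            findings.append("overlap at bytes %d-%d%s" % (
                overlap[0], overlap[-1], ", contents differ" if rewritten else ""))
        for i, b in enumerate(payload):
            if (start + i) not in buf or policy == "last":
                buf[start + i] = b
    # Assumes the fragments cover a contiguous range starting at byte 0.
    data = bytes(buf[i] for i in sorted(buf))
    dport = struct.unpack("!H", data[2:4])[0] if len(data) >= 4 else None
    return findings, dport

# Constructed fragments mirroring the post: a full header for port 21, then an
# 8-byte FO=0 fragment carrying port 22, then the remainder at FO=2.
ALLOWED = tcp_header(40000, 21)
HIDDEN = tcp_header(40000, 22)
FRAGS = [(0, ALLOWED), (0, HIDDEN[:8]), (2, HIDDEN[16:])]

if __name__ == "__main__":
    for pol in ("last", "first"):
        findings, dport = analyse(FRAGS, policy=pol)
        print("policy=%s -> reassembled dport=%s, findings=%s" % (pol, dport, findings))
```

With the "last" policy the reassembled header requests port 22 while the first fragment alone advertised port 21; every run also reports the tiny FO=0 fragment and the differing overlap, which is the condition a filter should drop on rather than trusting the first fragment.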