Evasion via forcing fragmentation, MTU, and data length

Control the packet size will allow for:

  • Fragmenting packets, optionally with given MTU. If the firewall, or the IDS/IPS, does not reassemble the packet, it will most likely let it pass. Consequently, the target system will reassemble and process it.

  • Sending packets with specific data lengths.

Fragment packets with 8 bytes of data:

nmap -sS -Pn -f -F MACHINE_IP

Fragment packets with 16 bytes of data:

map -sS -Pn -ff -F MACHINE_IP

Fragment packets according to a set MTU:

nmap -sS -Pn --mtu 8 -F MACHINE_IP

Generate packets with specific length:

nmap -sS -Pn --data-length 64 -F MACHINE_IP