|
Results for Christmas tree packet
|
On this page:
|
A packet with every single option set for whatever protocol is in use. See kamikaze packet, Chernobyl packet. (The term doubtless derives from a fanciful image of each little option bit being represented by a different-colored light bulb, all turned on.) Compare Godzillagram.
A Christmas tree packet is a packet with every single option set for whatever protocol is in use. Also known as a "Kamikaze" packet, nastygram, and lamp test segment.
The term derives from a fanciful image of each little option bit being represented by a different-colored light bulb, all turned on, as in, "the packet was lit up like a Christmas tree." When used for scanning, the flags set for Christmas tree packets are FIN, URG and PSH.
Christmas tree packets can be used as a method of divining the underlying nature of a TCP/IP stack by sending the packets and awaiting and analyzing the responses. Many operating systems implement their compliance with the Internet Protocol standard (RFC 791) in varying or incomplete ways. By observing how a host responds to an odd packet, such as a Christmas tree packet, assumptions can be made regarding the host's operating system. Versions of Microsoft Windows, BSD/OS, HP-UX, Cisco IOS, MVS, and IRIX display behaviors that differ from the RFC standard when queried with said packets.[citation needed]
Some stateless firewalls only check against security policy those packets which have the SYN flag set (that is, packets that initiate connection according to the standards). Since Christmas tree scan packets do not have the SYN flag turned on, they can pass through these simple systems and reach the target host.
A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the 'usual' packets do.
The first program that was able to perform port scans based on Christmas tree packets was probably nmap.
Since Christmas tree packets are not commonly present on the network (and technically don't follow RFC), they can be easily detected by intrusion-detection systems or more advanced firewalls. From a network security point of view, Christmas tree packets are always suspicious and indicate a high probability of network reconnaissance activities.
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
Join the WikiAnswers Q&A community. Post a question or answer questions about "Christmas tree packet" at WikiAnswers.
Copyrights:
 |
 | Hacker Slang. The Jargon File. Copyright © 2007. Read more |
 |
| Wikipedia. This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Christmas tree packet". Read more |
Search for answers directly from your browser with the FREE Answers.com Toolbar!
Click here to download now. 
Get Answers your way! Check out all our free tools and products.
Mentioned In:
