Christmas tree packet

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Dandorid at 10:59, 15 November 2021 (Background: {{Ref RFC}}). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In information technology, a Christmas tree packet is a packet with every single option set for whatever protocol is in use.

Background

The term derives from a fanciful image of each little option bit in a header being represented by a different-colored light bulb, all turned on, as in "the packet was lit up like a Christmas tree".[1] It can also be known as a kamikaze packet, nastygram, or lamp test segment.

Christmas tree packets can be used as a method of TCP/IP stack fingerprinting, exposing the underlying nature of a TCP/IP stack by sending the packets and then awaiting and analyzing the responses. When used as part of scanning a system, the TCP header of a Christmas tree packet has the flags FIN, URG and PSH set.[citation needed] Many operating systems implement their compliance with the Internet Protocol standards[2][3] in varying or incomplete ways. By observing how a host responds to an odd packet, such as a Christmas tree packet, inferences can be made regarding the host's operating system. Versions of Microsoft Windows, BSD/OS, HP-UX, Cisco IOS, MVS, and IRIX display behaviors that differ from the RFC standard when queried with said packets.[4]

A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the "usual" packets do.

Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls. From a network security point of view, Christmas tree packets are always suspicious and indicate a high probability of network reconnaissance activities.
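A minimal version of the flag check such a detector performs, as an added example that is not part of the original article. It flags the FIN, URG and PSH scan combination and the all-flags-set case described above. The function names and the sample packets are constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS_SCAN = FIN | PSH | URG          # combination named in the article
ALL_SIX = 0x3F                       # every classic TCP flag lit

def tcp_flags(packet: bytes):
    """Return the six classic TCP flag bits of a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                              # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    if ihl < 20 or packet[9] != 6:               # protocol 6 = TCP
        return None
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset != 0 or len(packet) < ihl + 14:
        return None                              # later fragment or truncated
    return packet[ihl + 13] & ALL_SIX            # flags byte of the TCP header

def classify(packet: bytes) -> str:
    flags = tcp_flags(packet)
    if flags is None:
        return "not-tcp"
    if flags == ALL_SIX:
        return "all-flags"
    if flags == XMAS_SCAN:                       # FIN+PSH+URG, no SYN/RST/ACK
        return "xmas-scan"
    return "other"

def build(flags: int, proto: int = 6) -> bytes:
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header,
    documentation addresses, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for name, pkt in [("scan probe", build(XMAS_SCAN)),
                      ("lamp test", build(ALL_SIX)),
                      ("normal SYN", build(SYN))]:
        print(f"{name:12s} -> {classify(pkt)}")
```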

References

  1. ^ Raymond, Eric S. "Christmas tree packet". The Jargon File. Retrieved 30 Nov 2016.
  2. ^ J. Postel, ed. (September 1981). INTERNET PROTOCOL - DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION. IETF. doi:10.17487/RFC0791. STD 5. RFC 791. IEN 128, 123, 111, 80, 54, 44, 41, 28, 26. Internet Standard 5. Obsoletes RFC 760. Updated by RFC 1349, 2474 and 6864.
  3. ^ S. Deering; R. Hinden (July 2017). Internet Protocol, Version 6 (IPv6) Specification. IETF. doi:10.17487/RFC8200. STD 86. RFC 8200. Internet Standard 86. Obsoletes RFC 2460.
  4. ^ "Port Scanning Techniques". nmap.org.