Protecting FOSS systems
As mentioned earlier, the packet crafting attack is a tough one to tackle. Despite this, there are ways to protect FOSS networks. The simplest and most reliable method is to use the packet crafting tools themselves to test the infrastructure. The first step is to understand the network and create security testing scenarios for critical security components such as firewalls, routers and IDS systems. Tools such as Hping and Tcpreplay can be used to fabricate packets and send them, in order to gather statistics and logs. A packet sniffer and analyser such as Wireshark can be used for this purpose. Firewalls and IDS systems built on FOSS technology should be tested from Layer 2 through to Layer 7. Performing such tests at regular intervals and staying up to date with intrusion detection vulnerability signatures is the appropriate way to stay protected. To protect FOSS Web servers, deploy an up-to-date Layer-7 content filtering firewall that is capable of stateful packet inspection and is equipped to detect and shun denial-of-service attacks. Linux distros lack a strong built-in security module to fight against packet crafting attacks. Hence, a properly designed perimeter defence system should be deployed to protect the infrastructure.
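When reviewing the packets captured during such a test, it helps to flag automatically the frames that no normal TCP/IP stack would emit. The following is an added example, not code from the original article: a small checker for raw IPv4/TCP packets. The anomaly rules (header checksum, length mismatch, contradictory TCP flag combinations) are commonly used indicators chosen here for illustration, and the sample packets are constructed with documentation addresses.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum over an IPv4 header (even length)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def audit_packet(pkt: bytes) -> list:
    """Return the anomalies found in one raw IPv4/TCP packet."""
    findings = []
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not a complete IPv4 header"]
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or ihl > len(pkt):
        return ["invalid IPv4 header length"]
    if ip_checksum(pkt[:ihl]) != 0:  # a valid header sums to zero
        findings.append("bad IPv4 header checksum")
    if total_len != len(pkt):
        findings.append("IPv4 total length does not match captured size")
    if pkt[9] != 6:  # only TCP is inspected further
        return findings
    if len(pkt) < ihl + 20:
        findings.append("truncated TCP header")
        return findings
    flags = pkt[ihl + 13] & 0x3F
    if flags == 0:
        findings.append("TCP null flags")
    if flags & SYN and flags & FIN:
        findings.append("TCP SYN+FIN set together")
    if flags & SYN and flags & RST:
        findings.append("TCP SYN+RST set together")
    if flags == FIN | PSH | URG:
        findings.append("TCP FIN+PSH+URG without ACK")
    return findings

def sample(flags: int, fix_checksum: bool = True) -> bytes:
    """Constructed test packet: 192.0.2.1 -> 192.0.2.2, TCP 40000 -> 80."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    csum = ip_checksum(ip) if fix_checksum else 0xBEEF  # 0xBEEF is deliberately wrong
    return ip[:10] + struct.pack("!H", csum) + ip[12:] + tcp
```

A firewall or IDS under test should drop or alert on every packet for which `audit_packet` returns a non-empty list; packets that reach the far side of the device with findings indicate a rule gap.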
Packet crafting is a good way to audit your network; however, it can also be used by malicious attackers to penetrate a network by exploiting vulnerabilities. Configure firewalls, switches and routers properly to protect networks from crafting attacks. Packet crafting attacks typically originate from outside the firm’s local area network, which demands a carefully designed perimeter defence security system for the network infrastructure.