Xmas Port Scan

In information technology, a Christmas tree packet is a packet with every single option set for whatever protocol is in use.


Background

The term derives from a fanciful image of each little option bit in a header being represented by a different-colored light bulb, all turned on, as in "the packet was lit up like a Christmas tree". It can also be known as a kamikaze packet, nastygram, or lamp test segment.

Christmas tree packets can be used as a method of TCP/IP stack fingerprinting, exposing the underlying nature of a TCP/IP stack by sending the packets and then awaiting and analyzing the responses. When used as part of scanning a system, the TCP header of a Christmas tree packet has the flags FIN, URG and PSH set. Many operating systems implement their compliance with the Internet Protocol standards in varying or incomplete ways. By observing how a host responds to an odd packet, such as a Christmas tree packet, inferences can be made regarding the host's operating system. Versions of Microsoft Windows, BSD/OS, HP-UX, Cisco IOS, MVS, and IRIX display behaviors that differ from the RFC standard when queried with said packets.

A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the "usual" packets do.

Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls. From a network security point of view, Christmas tree packets are always suspicious and indicate a high probability of network reconnaissance activities.
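The flag check an intrusion-detection system applies to such packets can be sketched as follows. This is an added example, not code from the original page; the function names and labels are assumptions, and the sample packets are constructed in-process with documentation addresses.

```python
import struct

# TCP flag bits: byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG          # the scan variant described above
ALL_SIX = 0x3F                  # every classic flag lit

def tcp_flags(ip_packet: bytes):
    """Return the TCP flags byte of a raw IPv4 packet, or None if unavailable."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4                 # IPv4 header length, bytes
    if ihl < 20 or ip_packet[9] != 6:               # protocol 6 = TCP
        return None
    if struct.unpack_from("!H", ip_packet, 6)[0] & 0x1FFF:
        return None                                 # later fragment: no TCP header
    if len(ip_packet) < ihl + 14:                   # truncated before flags byte
        return None
    return ip_packet[ihl + 13]

def classify(ip_packet: bytes) -> str:
    flags = tcp_flags(ip_packet)
    if flags is None:
        return "unparsed"
    flags &= ALL_SIX                                # ignore ECE/CWR bits
    if flags == ALL_SIX:
        return "all-flags"
    if flags == XMAS:                               # FIN+PSH+URG, no SYN/RST/ACK
        return "xmas-scan"
    return "normal"

def sample_packet(flags: int, ihl_words: int = 5) -> bytes:
    """Constructed test input: bare IPv4+TCP headers, documentation addresses."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + 20,
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    ip += b"\x00" * (ihl_words * 4 - 20)            # zero padding as IP options
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for name, f in [("FIN+PSH+URG", XMAS), ("all six", ALL_SIX),
                    ("FIN+PSH+ACK", FIN | PSH | ACK), ("SYN", SYN)]:
        print(f"{name:12} -> {classify(sample_packet(f))}")
```

FIN+PSH+ACK is an ordinary connection close, which is why the check requires ACK to be clear rather than matching any segment that carries FIN, PSH and URG.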


See also

* Martian packet


External links


Nmap documentation