Users login

Create an account »


Users login

Home » Hacking News » Fragroute/Dsniff/Fragrouter Configure Script Trojan Horse Vulnerability

Fragroute/Dsniff/Fragrouter Configure Script Trojan Horse Vulnerability

by Nikola Strahija on June 3rd, 2002 The server hosting fragroute, fragrouter, and dsniff,, was compromised recently. It has been reported that the intruder made modifications to the source code of fragroute, fragrouter and dsniff to include a backdoor. This backdoor allowed a user from the IP address to remotely execute commands on the host that it was installed on. The source code is reported to have been corrupted on May 17, 2002. Downloads of the source from during this time likely contain the trojan code.

A confirmed MD5 sum of a contaminated archive is:


If a fragroute install was based on an archive with this MD5 sum, it is likely that the backdoor code was executed. It is possible for other backdoored archives to have different MD5 sums. If it is believed that a trojan horse copy of fragroute has been installed, administrators should remove systems from the network and thoroughly inspect/clean the system.

As of this writing (05-31-2002), the current version available from has the following MD5 sum:


It is believed that this version is clean. Caution should still be exercised when building and installing.

Remote: Yes

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »