Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Firewall and IP stack test tool
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Thu, 24 Feb 2000 15:12:39 +1100


In some mail from Mike Frantzen, sie said:

With the re-occurrence of this unused TCP flags fiasco, I am getting off my
ass and releasing a tool to stress test IP stacks, firewall rulesets,
firewall resilience and IDS implementations.

Been there, done that.

ISIC - 0.05   (IP Stack Integrity Check)
Crafts random packets and launches them.  Can fix or randomize source/dest
IP's and Ports.  You can specify the percentage of packets to fragment,
to have IP options, to have bad IP versions....  Just about every field
can be automagically twiddled.

Been there, done that.

Be aware that if you're doing a random attack then the results are also
going to be "random" - i.e. you won't necessarily find *all* holes.

It contains distinct programs for TCP, UDP, ICMP, IP with a randomized
protocol field and a program for randomized raw ethernet frames.

Randomized ethernet frames could be interesting (haven't played with
that before).

[...]
Note 2:
  It melts just about anything it is targeted against.  Only a matter of
  time before someone creates an interesting distributed DoS network that
  ingress filtering won't solve.
[...]

Oh, how's that ?  If ingress filtering is stopping forged IP source
addresses, then whlist the attack can still be made, it's easy to
point the finger back at the source of the problem (which is all it
was ever going to do).  Once you can find the source, the power point
is usually not too far away either...

Darren


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]