[14005] in bugtraq


Re: Firewall and IP stack test tool

daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Feb 24 15:49:51 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <200002240412.PAA06694@cairo.anu.edu.au>
Date:         Thu, 24 Feb 2000 15:12:39 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To:         frantzen@EXPERT.CC.PURDUE.EDU
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200002230454.XAA19844@expert.cc.purdue.edu> from "Mike Frantzen"
              at Feb 22, 2000 11:54:48 PM

In some mail from Mike Frantzen, sie said:
>
> With the re-occurrence of this unused TCP flags fiasco, I am getting off my
> ass and releasing a tool to stress test IP stacks, firewall rulesets,
> firewall resilience and IDS implementations.

Been there, done that.

> ISIC - 0.05	(IP Stack Integrity Check)
> Crafts random packets and launches them.  Can fix or randomize source/dest
> IP's and Ports.  You can specify the percentage of packets to fragment,
> to have IP options, to have bad IP versions....  Just about every field
> can be automagically twiddled.

Been there, done that.

Be aware that if you're doing a random attack then the results are also
going to be "random" - i.e. you won't necessarily find *all* holes.

> It contains distinct programs for TCP, UDP, ICMP, IP with a randomized
> protocol field and a program for randomized raw ethernet frames.

Randomized ethernet frames could be interesting (haven't played with
that before).

[...]
> Note 2:
>   It melts just about anything it is targeted against.  Only a matter of
>   time before someone creates an interesting distributed DoS network that
>   ingress filtering won't solve.
[...]

Oh, how's that ?  If ingress filtering is stopping forged IP source
addresses, then whilst the attack can still be made, it's easy to
point the finger back at the source of the problem (which is all it
was ever going to do).  Once you can find the source, the power point
is usually not too far away either...

Darren
