Re: ressources / links on protocol flaws or exploits

[Stefan Marx <marx.s () gmx net>]

Hi,

I think it might be difficult to find such information for a protocol,
you should search for flaws in specific implementations of the protocol.
E.g. you will not find exploits for the general protocol RADIUS, but you
may find exploits for the Microsoft or CISCO or whatever implementation
of RADIUS. A good starting point is the vulnerability database at
http://www.securityfocus.com/bid .

If you want to gain knowledge about the generic protocols regardless of
vendors implementations, you have to read the according RFCs. You can
find them here: 

http://www.rfc-editor.org/

Regards,

Stefan

> I need your help on the following issue: i have to evaluate some protocols 
> security-wise. The problem is i connot find the right links and ressources 
> to do this.
>
> Of course i googled before i wrote this, but every exploit list i found was 
> not searchable. I need ressources where i can search for protocol-related 
> weaknesses and exploits, f.e. you type in 'RADIUS' and get some information 
> on RADIUS exploits.



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------