Dailydave mailing list archives
[dave () immunityinc com: I love the smell of Cisco remotes in the morning]
From: Enno Rey <erey () ernw de>
Date: Thu, 17 Apr 2008 23:21:07 +0200
List,

in the meantime we've expanded the stuff a bit.
The code for SPIKE and Sulley (+ the Shmoo08 presentation) can be found here:

http://www.ernw.de/download/l2spike_04-15-08.tar.bz2
http://www.ernw.de/download/l2sulley_04-15-08.tar.bz2
http://www.ernw.de/download/l2_fuzzing_shmoo08.pdf

Most of the work has been done on Sulley scripts. Now there are some (not tested too extensively so far) on:

arp, dtp, lldp (bit fields still missing), lwapp, pvstp, udld, vtp, cdp, edp, mpls, stp, vrrp, wlccp

============

Dave, in particular for SPIKE some words below.

thanks,

Enno

--
Enno Rey

Check out www.troopers08.org!

=========================================================================
New Spike L2 Version released

We are happy to announce the release of a new version of the SPIKE_L2 Fuzzing-Framework.
It mainly consists of the original SPIKE 2.9 and a few new functions with the focus on layer 2 fuzzing.
This "add-on" for SPIKE is the output of one of our research projects. The goal of this project was to evaluate the security of network devices and to get a better understanding of some protocols and the fuzzing process in protocol space.

The layer 2 stuff is based on libnet and, like the original SPIKE 2.9, runs only on Linux.

To compile just:

    ./configure
    make

=======New Functions===============
- l2_write_data()
- s_binary_type_and_block_size_lldp()
- s_random_fuzz() and s_random_fuzz_repeat()
- s_binary_selection()
- s_string_variable_sized()

For more details take a look at the changelog.

=======Layer2 Protocol-Scripts=====
- ARP
- DTP
- VTP
- LLDP
- MPLS

Now layer 2 fuzzing is as easy as fuzzing on tcp or udp!
========================================================================

----- Forwarded message from Dave Aitel <dave () immunityinc com> -----

So there was a talk at Shmoocon about modifying SPIKE 2.9 to be a decent fuzzer for Layer 2.
During the talk they demonstrated a remote stack overflow in some Cisco box via some random L2 protocol I'd never heard of before. That was very cool. :>

This has an earlier version of their talk. At some point they're going to put their modified SPIKE online, so everyone can find cool L2 bugs, although for their newer work I believe they've switched to Sulley.

http://www.day-con.org/2007/l2_fuzzing_v099r_ger.pdf

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

----- End forwarded message -----

--
Enno Rey

Check out www.troopers08.org!

ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1

Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey