Full Disclosure mailing list archives
Re: [Dailydave] [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC
From: Aaron <apconole () yahoo com>
Date: Thu, 13 Jan 2011 07:35:24 -0800 (PST)
I don't see the "wow" factor from this tool? Perhaps I forgot to take my "super l33t" pills, but I fail to see how this is different from something like tcpreplay, which not only does any packet(s) desired, but can pull them from an existing packet capture (and even edit those packets on the fly) allowing one to truly customize the traffic as much as possible.

Additionally, I looked at this tool hoping for some "exciting" new code, but found nothing which people writing router / gateway software haven't known for years. In fact, you didn't even do intelligent checksum recalculation (i.e.: store a "base" checksum somewhere, and just do some quick delta calculation on it), and you didn't take advantage of packet_mmap on Linux (zero copy seems like good juju for high-speed network transmission); HECK you're running from a single context of execution, instead of trying to execute on all available cores (which could add some scalability, depending on the architecture).

I don't want to sound like I'm a total negative nancy - and certainly security is a hobby domain, not my primary area of expertise, but you posted this to a publicly available forum, so I suppose you were looking for some type of vetting, criticism, and feedback.

My feedback would be to contribute to tcpreplay. There's nothing that your tool offers as an advantage (from a cursory glance, your tool appears to be hping --flood) to any available options; there's nothing unique that I saw.

Additionally, my noscript caught a click-jacking attempt from your homepage when I went to download the file. I might suggest a better file serving mechanism.

-Aaron

________________________________
From: Nelson Brito <nbrito () sekure org>
To: dailydave () lists immunitysec com; bugtraq () securityfocus com; full-disclosure () lists grok org uk
Sent: Tue, January 11, 2011 2:43:35 PM
Subject: [Dailydave] [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC

T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing". It is a powerful and a unique packet injection tool, that is capable of:

1. Send sequentially (i.e., ALMOST on the same time) the following protocols:
   - ICMP: Internet Control Message Protocol
   - IGMP: Internet Group Management Protocol
   - TCP: Transmission Control Protocol
   - UDP: User Datagram Protocol

2. Send a (quite) incredible amount of packets per second, making it a “second to none” tool:
   - More than 1,000,000 pps of SYN Flood (+50% of the network’s uplink) in a 1000BASE-T Network (Gigabit Ethernet).
   - More than 120,000 pps of SYN Flood (+60% of the network’s uplink) in a 100BASE-TX Network (Fast Ethernet).

3. Perform “Stress Testing” on a variety of network infrastructure, network devices and security solutions in place.

4. Simulate Denial-of-Service attacks, validating the Firewall rules and Intrusion Detection System/Intrusion Prevention System policies.

Further information can be found @ http://fnstenv.blogspot.com (demo video and source code).

PS: Yes, there are some "anti-kiddo" tricks, so, please, don't blame me for doing that...

The new version of the "T50 Sukhoi PAK FA Mixed Packet Injector" (v5.2-NG) will be unleashed on "WEB Security Forum" (http://websecforum.com.br/evento/ / April 9th-10th 2011 / São Paulo, Brazil).

The next release will include:

1. New License: It is still not licensed under GPL or any other common Open-source license, but the source code will be available and the use of any piece of source code for any free or commercial software is denied.

2. CIDR Support: Classless Inter-Domain Routing support for destination IP address, using a really tiny C algorithm. This would allow the "T50 Sukhoi PAK FA Mixed Packet Injector" to simulate DDoS in a laboratory environment.

    netmask    = ~(0xffffffff>>cidr);              /* mask for the prefix length */
    hostid     = (int)(pow(2,(32-cidr))-2);        /* usable hosts in the prefix */
    __1st_host = (ntohl(addr)&netmask)+1;          /* first host, host byte order */
    __lst_host = (ntohl(addr)&netmask)+hostid;     /* last host, host byte order */

3. TEN NEW Protocols: TEN (10) more protocols supported by "T50 Sukhoi PAK FA Mixed Packet Injector" (IGMPv3, EGP, DCCP, RSVP, RIPv1, RIPv2, GRE, ESP, AH and EIGRP).

4. Exotic Protocols: Advanced options and protocol crafting for EIGRP and GRE were added, allowing users to make any combination while using those exotic protocols. By the way, EIGRP is a proprietary protocol developed by CISCO Systems, Inc.

5. TCP Options Support: TCP Options (MSS, NOP, EOL, WSCALE, TSTAMP, T/TCP CC and SACK) are supported to improve the TCP protocol.

6. DATA Payload Support: The data payload support is back, and it can be rand or user defined.

Best regards.

Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
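The host-range calculation from the "CIDR Support" item of the announcement, written out as an added example that is not part of the original thread or of the T50 source. It goes beyond the four quoted lines by covering the prefix lengths they leave open: with cidr = 32 the shift in 0xffffffff>>cidr is undefined in C, and with cidr = 31 hostid is 0, so the last host falls below the first. The names host_range, cidr_netmask, cidr_hosts and cidr_parse are hypothetical, and the sample prefixes are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct host_range { uint32_t first, last; };   /* host byte order */

/* Shifting a 32-bit value by 32 is undefined in C, so /0 is special-cased. */
static uint32_t cidr_netmask(unsigned cidr) { return cidr ? ~UINT32_C(0) << (32 - cidr) : 0; }

/* addr is in network byte order. Returns 0, or -1 for an invalid prefix length. */
static int cidr_hosts(uint32_t addr, unsigned cidr, struct host_range *out)
{
    if (cidr > 32)
        return -1;
    uint32_t mask = cidr_netmask(cidr), net = ntohl(addr) & mask, bcast = net | ~mask;
    int p2p = cidr >= 31;      /* /31 (RFC 3021) and /32: no reserved addresses */
    out->first = p2p ? net : net + 1;       /* otherwise skip the network address */
    out->last = p2p ? bcast : bcast - 1;    /* ... and the broadcast address */
    return 0;
}

/* Parses "a.b.c.d/n" and rejects anything that is not exactly that form. */
static int cidr_parse(const char *text, struct host_range *out)
{
    char ip[INET_ADDRSTRLEN], *end;
    struct in_addr a;
    const char *slash = strchr(text, '/');
    if (!slash || (size_t)(slash - text) >= sizeof ip || slash[1] < '0' || slash[1] > '9')
        return -1;
    snprintf(ip, sizeof ip, "%.*s", (int)(slash - text), text);
    unsigned long cidr = strtoul(slash + 1, &end, 10);
    if (*end != '\0' || cidr > 32 || inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    return cidr_hosts(a.s_addr, (unsigned)cidr, out);
}

int main(void)
{
    const char *s[] = { "192.168.1.77/24", "10.0.0.5/31", "10.0.0.1/33" }; /* constructed */
    for (int i = 0; i < 3; i++) {
        struct host_range r = { 0, 0 };
        int rc = cidr_parse(s[i], &r);
        printf("%s: rc=%d first=%08x last=%08x\n", s[i], rc, (unsigned)r.first, (unsigned)r.last);
    }
    return 0;
}
```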