Firewall Wizards mailing list archives

Re: How automate firewall tests


From: Chuck Swiger <chuck () codefab com>
Date: Mon, 21 Aug 2006 16:55:49 -0700

On Aug 21, 2006, at 3:51 PM, Bill Royds wrote:
> ASN.1 is a formal language to describe data structures for use of a number of
> protocols.

Agreed.

> One would expect that protocols that use ASN.1 as their structure
> grammar should be quite secure.

How does this follow?

I would expect that using ASN.1 would make it easier to validate  
whether a protocol statement is grammatical, and make it easier to  
write a sane LR(0,1) or LALR(1) parser for it, but that doesn't mean  
that J. Random Hacker isn't going to roll their own parser and maybe  
allocate a 1024-byte buffer which can be over-run regardless.  Good  
specification != good implementation.

This also says nothing about whether the protocol has paid any  
attention to security.  Just because something parses, doesn't mean  
it makes sense or that the application should answer the query  
without considering whether the request is legit and properly  
authorized.  In particular, people very rarely define security  
policies or access rules within the grammar of a protocol, with the  
notable exception of firewall ruleset languages like PF, IPFW,  
Cisco's IOS, etc....

> But there have probably been more vulnerabilities in ASN.1 based protocols
> than any other. So even a formal grammar is probably not good enough to define
> "correct" input.

What are you counting, here?  :-)

-- 
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
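
Added example, not part of the original post or of any project it mentions: a minimal BER/DER length check in C illustrating the "good specification != good implementation" point about a 1024-byte buffer. The names tlv_header, copy_value and VALUE_BUF are hypothetical, and single-byte tags are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALUE_BUF 1024  /* the fixed buffer size mentioned in the post */

/* Decode one TLV header. On success store header size and content length
 * and return 0. Return -1 for truncated input, multi-byte tags, indefinite
 * length, or a claimed length larger than the bytes actually present. */
static int tlv_header(const uint8_t *in, size_t in_len, size_t *hdr, size_t *len)
{
    if (in_len < 2 || (in[0] & 0x1f) == 0x1f) return -1;
    size_t pos = 1, n = 0;
    uint8_t b = in[pos++];
    if (b < 0x80) {
        n = b;                          /* short form */
    } else {
        size_t cnt = b & 0x7f;          /* long form: cnt length octets follow */
        if (cnt == 0 || cnt > sizeof(size_t) || cnt > in_len - pos) return -1;
        while (cnt--) n = (n << 8) | in[pos++];
    }
    if (n > in_len - pos) return -1;    /* length field lies about the input */
    *hdr = pos; *len = n;
    return 0;
}

/* The over-run pattern is memcpy(out, in + hdr, len) with len taken from
 * the wire and never compared to the destination size. This version
 * refuses a value that is grammatical but too large for the buffer. */
int copy_value(const uint8_t *in, size_t in_len, uint8_t out[VALUE_BUF], size_t *out_len)
{
    size_t hdr, len;
    if (tlv_header(in, in_len, &hdr, &len) != 0) return -1;
    if (len > VALUE_BUF) return -2;     /* well-formed, still rejected */
    memcpy(out, in + hdr, len);
    *out_len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: OCTET STRING claiming 2000 bytes, 1 byte present. */
    const uint8_t msg[] = {0x04, 0x82, 0x07, 0xD0, 0x41};
    uint8_t out[VALUE_BUF]; size_t n = 0;
    printf("copy_value -> %d\n", copy_value(msg, sizeof msg, out, &n));
    return 0;
}
```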

