Nmap Development mailing list archives

Re: Simple script: random (garbage) fuzzer


From: Jon Kibler <Jon.Kibler () aset com>
Date: Sat, 07 Nov 2009 13:06:36 -0500


Fyodor wrote:
> On Fri, Nov 06, 2009 at 10:13:46AM -0500, Ron wrote:
>> Hey,
>>
>> Somebody requested a NSE script to fuzz with random garbage on all
>> ports. It isn't *terribly* useful, but it could be a good way to exhaust
>> bandwidth/test for really bad services.
>
> Nice.  Did they request it on a public forum somewhere that you can
> link to?  It would be interesting to know more about the use case they
> have in mind.


Re: Use case for this script?

I have not had a chance to look at this NSE script. However, random garbage
generators are a VERY useful testing tool, especially against embedded systems
(printers, VoIP phones, environmental sensors, etc.) and real-time systems
(SCADA, PLCs, DCS, security, HVAC, etc.). They very rapidly identify brittle IP
stacks and how well systems handle unexpected traffic.

I regularly use custom protocol fuzzers, and such tools as ISIC, SING, nemesis,
fragrouter, etc., to generate random packets to test the stability of systems to
unexpected traffic. All serve a very useful purpose when testing embedded or
real-time systems, which tend to be less network-stable than are traditional
computers.

That said, nmap itself can be a dangerous tool against embedded systems. When
doing a vulnerability assessment or pen test, one of the stipulations in my
contract is that the customer must identify every non-traditional computer on
their network (including printers), unless they specifically want them included
in the test. If they want them included, they must agree to assume all liability
for damages that may result from these systems being tested. I have had a simple
nmap scan of a network cause security systems to crash and burn (actually have
to replace boards!) to the point that they lock people in rooms, and the
maglocks had to be drilled off the doors to get the people out of the room. I
have had nmap cause HVAC systems to either shut down, or turn on full heat or
A/C, because the scan blew the control board. I have also had nmap crash other
"stuff" that I cannot talk about.

The ability of a system or device to handle random garbage on the network is a
critical part of any security testing. I would think this script may be able to
serve in that capacity. I will have to take a look at it when I get a chance.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
s: JonRKibler
e: Jon.Kibler () aset com
e: Jon.R.Kibler () gmail com
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
