Vulnerability Development mailing list archives
Re: Re: rain
From: Michael <mystic () tenebrous com>
Date: Sun, 01 Jul 2001 10:13:59 EST
I think that is a good idea! I do plan on making a GUI frontend for rain in either QT or GTK+. I will be releasing a new version of rain very soon which will provide alot of enchancements and a few bug fixes. Thank you all for your feedback! -Michael mystic () tenebrous com On Mon, 2 Jul 2001, "Dan Kaminsky" wrote:
Date: Mon, 2 Jul 2001 06:19:39 -0700 To: <mystic () tenebrous com>, <vuln-dev () securityfocus com> From: "Dan Kaminsky" <dankamin () cisco com> Subject: Re: rainHello. Someone recommended I post this program to you. I hope you finditinteresting: http://www.tenebrous.com/rain/This is effectively a tool for sending various types of semi-random floods towards an IP destination. It seems more suited to stack testing than DoS, though(its floods are reasonably filterable). This brings up an interesting question: Perhaps there should be a reasonable toolkit for testing network services--something like "netfuzz", that would send various patterns at different load levels heuristically seeking those patterns that might cause instabilities. *So* many daemons are released that can't handle even minor amounts of noise that this might actually be a useful general purpose tool *before* releasing code to test your daemons against. Particularly if one could compile their clients against a randomizing fuzz library(i.e. so only an individual argument on a request would be suddenly sent out of bounds). Perhaps no library would be needed at all...think, "noisy netcat" :-) Thoughts? Yours Truly, Dan Kaminsky, CISSP http://www.doxpara.com