Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: rain

From: "Dan Kaminsky" <dankamin () cisco com>
Date: Mon, 2 Jul 2001 06:19:39 -0700


Hello. Someone recommended I post this program to you. I hope you find it
interesting:


http://www.tenebrous.com/rain/


This is effectively a tool for sending various types of semi-random floods
towards an IP destination.  It seems more suited to stack testing than DoS,
though(its floods are reasonably filterable).

This brings up an interesting question:  Perhaps there should be a
reasonable toolkit for testing network services--something like "netfuzz",
that would send various patterns at different load levels heuristically
seeking those patterns that might cause instabilities.

*So* many daemons are released that can't handle even minor amounts of noise
that this might actually be a useful general purpose tool *before* releasing
code to test your daemons against.  Particularly if one could compile their
clients against a randomizing fuzz library(i.e. so only an individual
argument on a request would be suddenly sent out of bounds).

Perhaps no library would be needed at all...think, "noisy netcat" :-)

Thoughts?

Yours Truly,

    Dan Kaminsky, CISSP
    http://www.doxpara.com
Previous By Date Next
Previous By Thread Next

Current thread: