Re: [fw-wiz] How automate firewall tests

On Aug 21, 2006, at 3:51 PM, Bill Royds wrote:
ASN.1 is a formal language to describe data structures for use of a
number of
protocols.

Agreed.

One would expect that protocols that use ASN.1 as their structure
grammar should be quite secure.

How does this follow?

I would expect that using ASN.1 would make it easier to validate
whether a protocol statement is grammatical, and make it easier to
write a sane LR(0,1) or LALR(1) parser for it, but that doesn't mean
that J. Random Hacker isn't going to roll their own parser and maybe
allocate a 1024-byte buffer which can be over-run regardless. Good
specification != good implementation.

This also says nothing about whether the protocol has paid any
attention to security. Just because something parses, doesn't mean
it makes sense or that the application should answer the query
without considering whether the request is legit and properly
authorized. In particular, people very rarely define security
policies or access rules within the grammar of a protocol, with the
notable exception of firewall ruleset languages like PF, IPFW,
Cisco's IOS, etc....

But there have probably been more vulnerabilities in ASN.1 based
protocols
than any other. SO even a formal grammar is probably not good
enough to define
"correct" input.

What are you counting, here? :-)

--
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: [fw-wiz] How automate firewall tests
    ... is of exactly a formal grammar used to define and model a network protocol. ... Since most firewall rules are tuplets of form: ...
    (Firewall-Wizards)
  • Re: Forums
    ... 'Protocol for Grammar on Internet', ... I warned a person that the word "wanna" does not mean to everyone what ...
    (comp.lang.java.programmer)
  • Re: Protocol Analysis
    ... Subject: Protocol Analysis ... Concerned about Web Application Security? ... testing and vulnerability management needs. ... most comprehensive solutions to meet your application security penetration ...
    (Pen-Test)
  • [fw-wiz] UNSUBSCRIBE
    ... (Paul D. Robertson) ... > fixup protocol icmp error ... >> isn't about the security properties of the control, ... errors in the firewall, configuration errors, and it then takes physical ...
    (Firewall-Wizards)
  • Re: 802.11i
    ... Access" and it is security "system" for wireless networks that employs ... While TKIP "Temporal Key Integrity Protocol" is actual protocol under ... safer to communicate using RC4 stream cipher, ... But that is WPA v1., which is done to be as an enhancement ...
    (Security-Basics)