Re: TCP stack smashing

---

• From: "R. DuFresne" <dufresne@xxxxxxxxxxx>
• Date: Wed, 14 Mar 2007 16:55:11 -0400 (EDT)

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 11 Mar 2007, Nicolas RUFF wrote:

I am looking for a tool that can be used to stress the tcp implementation
on our web/application server. I remember there used to be a tool called
EvilTCP that could be integrated
into the bsd/linux kernel to emulate a bad TCP implementation. However I
cannot find it on google. Can anybody help with this or do you know of any
similar utility that I can use to make malformed TCP transactions
(request/response).

Not sure if this is what you are looking for, but the ISIC tools
collection (and namely TCPSIC) can flood your server with bad TCP fragments.

If I recall, having played with those years ago, if used aggessivly, and merely mildly aggessivly, there was not a TCP stack we could find that did not get hosed to a state requiring a reboot to recover from. Those are not tools to be played in production envs fer sure.


Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFF+GEyst+vzJSwZikRAt3WAJ4yaeusg3z7q7FGiKlbTm8X7MVPDgCfcQjI
O4+NFqF2UKqGRbbnd3EZAl4=
=ASNd
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: TCP stack smashing
    • From: Mathew Rowley
  • Re: TCP stack smashing
    • From: crazy frog crazy frog

• References:
  • TCP stack smashing
    • From: Balaji Prasad
  • Re: TCP stack smashing
    • From: Nicolas RUFF

• Prev by Date: NASL issues
• Next by Date: Re: Oracle Application Server 10g question
• Previous by thread: Re: TCP stack smashing
• Next by thread: Re: TCP stack smashing
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: TCP stack smashing ... Hash: SHA1 ... >> into the bsd/linux kernel to emulate a bad TCP implementation. ... ...We waste time looking for the perfect lover ... Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: TCP stack smashing ... on our web/application server. ... into the bsd/linux kernel to emulate a bad TCP implementation. ... ...We waste time looking for the perfect lover ... Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: TCP stack smashing ... on our web/application server. ... into the bsd/linux kernel to emulate a bad TCP implementation. ... Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: TCP stack smashing ... >> into the bsd/linux kernel to emulate a bad TCP implementation. ... Ron DuFresne ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... (Pen-Test) RE: TCP stack smashing ... Subject: TCP stack smashing ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2007-03