EmbeddedRelated.com

testing TCP stack - teardrop & co

Started by Markus Zingg May 23, 2004
Hi group

I'm in the process of testing the robustness of, and if needed improving, my
embedded TCP/IP stack implementation. I already performed many kinds of
(mostly stress) tests etc., but testing attacks is not as easy as I
first thought. It turns out that getting "malware" which I would like
to "use" to simulate all kinds of attacks is (somehow fortunately) not
so easy. I managed to get a tool to generate a synflood and the stack
so far behaved as expected. However, I also would like to test it
against teardrop attacks etc. Any ideas, pointers etc. for a tool that
performs these kinds of things?

TIA

Markus

Markus Zingg wrote:
> It turns out that getting "malware" which I would
> like to "use" to simulate all kinds of attacks is
> (somehow fortunately) not so easy.

Check with the network security orgs like SANS.org, Foundstone.

No doubt you could find them on hacker-oriented sites (start with
defcon.org), but you *really* don't want to run anything you download
from such sites - practically guaranteed to have a little extra
"something" wrapped around the EXE that you won't want on your machine.

Please post back here with what you find. This would be valuable info.

Curious - when you say the stack behaved as expected, you mean it failed
as expected under a SYN attack? Or does it defend against them well?
If the latter, what mechanism did you use? ISN cookies?

On Sun, 23 May 2004 22:10:19 -0700, Richard <rh86@azglobal.com> wrote:

>Markus Zingg wrote:
>> It turns out that getting "malware" which I would
>> like to "use" to simulate all kinds of attacks is
>> (somehow fortunately) not so easy.
>
>Check with the network security orgs like SANS.org, Foundstone.
>
>No doubt you could find them on hacker-oriented sites (start with
>defcon.org), but you *really* don't want to run anything you download
>from such sites - practically guaranteed to have a little extra
>"something" wrapped around the EXE that you won't want on your machine.
>
>Please post back here with what you find. This would be valuable info.
>
>Curious - when you say the stack behaved as expected, you mean it failed
>as expected under a SYN attack? Or does it defend against them well?
>If the latter, what mechanism did you use? ISN cookies?

Hi Richard

Thanks for the pointers - I will check them out.

With regard to syn attacks - well, the specifications do not require the
device to continue normal operation during an attack. The specifications
say that the device must "survive" the attack and continue to operate
normally thereafter, which it does now. I intend to implement ISN cookies
if the time permits, but at the moment there are other priorities.

Markus