In some mail from Mike Frantzen, sie said:
>
> With the re-occurrence of this unused TCP flags fiasco, I am getting off my
> ass and releasing a tool to stress test IP stacks, firewall rulesets,
> firewall resilience and IDS implementations.

Been there, done that.

> ISIC - 0.05 (IP Stack Integrity Check)
> Crafts random packets and launches them. Can fix or randomize source/dest
> IP's and Ports. You can specify the percentage of packets to fragment,
> to have IP options, to have bad IP versions.... Just about every field
> can be automagically twiddled.

Been there, done that. Be aware that if you're doing a random attack then
the results are also going to be "random" - i.e. you won't necessarily find
*all* holes.

> It contains distinct programs for TCP, UDP, ICMP, IP with a randomized
> protocol field and a program for randomized raw ethernet frames.

Randomized ethernet frames could be interesting (haven't played with that
before).

[...]
> Note 2:
> It melts just about anything it is targeted against. Only a matter of
> time before someone creates an interesting distributed DoS network that
> ingress filtering won't solve.
[...]

Oh, how's that ? If ingress filtering is stopping forged IP source
addresses, then whilst the attack can still be made, it's easy to point the
finger back at the source of the problem (which is all it was ever going to
do). Once you can find the source, the power point is usually not too far
away either...

Darren