Joshua Wright writes: > Has anyone performed a rudimentary (or other) analysis of the PROTOS tool > and it's capabilities? It seems there is quite a bit of uncertainty > floating around about the vulnerabilities it exploits. Any analysis > comments are welcome. Direct effects: boundary overruns and unexpected data values. Indirect effects: memory leaks, etc., and other failures due to saturation, queue overruns, and so forth. Details are available in the documentation on the OUSPG web site (if it's not there already, it will be soon). If you want to know what's in the packets, just extract the test cases from the jar files and hexdump them. Those _are_ the PDUs themselves -- you can use netcat to send them to the device under test -- so everything you want to know about 53,000 test cases is already there to be examined. Have fun. :-) For the record, the specific tests that expose vulnerabilities vary by vendor, product, version, and so forth. I don't recall any particular tests that were obvious showstoppers every time. Hope this helps. Jim == Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc. http://www.cisco.com/warp/public/707/sec_incident_response.shtml E-mail: jnduncanat_private Phone(Direct/FAX): +1 919 392 6209
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 16:48:06 PST