RE: TCP stack smashing

["R. DuFresne" <dufresne@sysinfo.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



gotta love it:

Warning:

   ISIC may break shit, melt your network, knock out your firewall, or 
singe the fur off your cat


Use with caution as I posted earlier.


Thanks,

Ron DuFresne


On Tue, 20 Mar 2007, MARTIN Benoni wrote:

> Last version is 0.6 and is available here : 
> http://www.packetfactory.net/Projects/ISIC/
>
> -----Message d'origine-----
> De : listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] De la 
> part de R. DuFresne
> Envoyé : mardi 20 mars 2007 00:28
> À : crazy frog crazy frog
> Cc : Nicolas RUFF; pen-test@securityfocus.com; bpmlist@sonic.net; 
> pen-test-return-1078483754@securityfocus.com
> Objet : Re: TCP stack smashing
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Is that what it's now called?
>
> I have this older version laying about:
>
> isic-0.05.tgz, main credits to Mike Frantzen.
>
> Never found a system I could not crash with that toolset.  Sometimes including 
> the sending system...
>
> Thanks,
>
> Ron DuFresne
>
>
> On Sun, 18 Mar 2007, crazy frog crazy frog wrote:
>
> > PROTOS test suit??
> >
> > On 3/15/07, R. DuFresne <dufresne@sysinfo.com> wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > On Sun, 11 Mar 2007, Nicolas RUFF wrote:
> > >
> > > > > I am looking for a tool that can be used to stress the tcp
> > > implementation
> > > > > on our web/application server. I remember there used to be a tool
> > > > > called EvilTCP that could be integrated into the bsd/linux kernel
> > > > > to emulate a bad TCP implementation. However I cannot find it on
> > > > > google. Can anybody help with this or do you know of
> > > any
> > > > > similar utility that I can use to make malformed TCP transactions
> > > > > (request/response).
> > > > Not sure if this is what you are looking for, but the ISIC tools
> > > > collection (and namely TCPSIC) can flood your server with bad TCP
> > > fragments.
> > > >
> > > If I recall, having played with those years ago, if used aggessivly,
> > > and merely mildly aggessivly, there was not a TCP stack we could find
> > > that did not get hosed to a state requiring a reboot to recover from.
> > > Those are not tools to be played in production envs fer sure.
> > >
> > >
> > > Thanks,
> > >
> > > Ron DuFresne
> > > - --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >          admin & senior security consultant:  sysinfo.com
> > >                          http://sysinfo.com Key fingerprint = 9401
> > > 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
> > >
> > > ...We waste time looking for the perfect lover instead of creating
> > > the perfect love.
> > >
> > >                  -Tom Robbins <Still Life With Woodpecker> -----BEGIN
> > > PGP SIGNATURE-----
> > > Version: GnuPG v1.4.5 (GNU/Linux)
> > >
> > > iD8DBQFF+GEyst+vzJSwZikRAt3WAJ4yaeusg3z7q7FGiKlbTm8X7MVPDgCfcQjI
> > > O4+NFqF2UKqGRbbnd3EZAl4=
> > > =ASNd
> > > -----END PGP SIGNATURE-----
> > >
> > > ---------------------------------------------------------------------
> > > ---
> > > This List Sponsored by: Cenzic
> > >
> > > Need to secure your web apps?
> > > Cenzic Hailstorm finds vulnerabilities fast.
> > > Click the link to buy it, try it or download Hailstorm for FREE.
> > >
> > > http://www.cenzic.com/products_services/download_hailstorm.php?camp=7
> > > 01600000008bOW
> > > ---------------------------------------------------------------------
> > > ---
> - --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com Key fingerprint = 9401 4B13 B918 
> 164C 647A  E838 B2DF AFCC 94B0 6629
>
> ....We waste time looking for the perfect lover instead of creating the perfect 
> love.
>
>                 -Tom Robbins <Still Life With Woodpecker> -----BEGIN PGP 
> SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFF/xyDst+vzJSwZikRAlViAJkBPR8zAPFn4OEOMkekQex+oBO6VACeJOSv
> fFsTyoX9B4mI3e/r4/f5dGM=
> =i+aM
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGAGI9st+vzJSwZikRAhIrAJ0R2wSdmWWpj6OF17aQawaHvatESACfXFey
DA5dGZg5BX9S8lUGAfmcIxA=
=b5vQ
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------