
Network or Transport Layer Fuzzing

How do I go about executing a fuzzing strategy to stress a network stack, specifically at the third and fourth layers (network and transport)? I've looked at frameworks to generate fuzzers, like SPIKE, but it seems to me that they are mostly focused on the application layer and above. Are there any well-known techniques out there to fuzz well-known protocols in these layers, say, TCP?

Thanks.

asked Dec 16 '09 23:12 by Santa



1 Answer

Look at Scapy. It allows you to fuzz at the network and transport layers. The fuzz function will fuzz anything you didn't explicitly specify in the IP or TCP layers (you can apply it separately to each). This gives you a range of abilities from just randomly generating ip addresses and port pairs to making and sending nonsense packets.

You may also want to look at Fragroute. This will twist TCP/IP into using all sorts of evasion techniques, but could potentially unveil otherwise hidden bugs/vulnerabilities in your network stack.

Furthermore, if your organization doesn't object, you could set up a Tor exit node and capture traffic from it. I've found it useful for testing correct TCP connection state tracking. Though your end of the connections is well-known and unchanging, there's a huge variety of servers as well as fun network congestion issues. It's basically an endless source of traffic. Be sure to check with your higher-ups, as your org may object to being a potential source of malicious traffic (even though there is a strong precedent of non-liability). I've gotten around that issue by running it/capturing at home, then bringing in the pcaps.

answered Sep 23 '22 07:09 by user196835
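The answer's key point is that Scapy's `fuzz()` randomizes every IP or TCP header field you did not pin down, so a single line such as `send(fuzz(IP(dst="10.0.0.2")/TCP(dport=80)))` produces a stream of structurally valid but semantically odd segments. The following hand-rolled builder, added here as an illustration and not code from the question, the answer, or the Scapy project, reproduces that "randomize everything unspecified" model in plain Python so the packet layout and checksum handling are visible. It builds the bytes only; the addresses, port and payload are constructed sample values, and actually putting the result on the wire (a raw socket, or Scapy's `send()`) is left out so the block runs offline against your own test harness.

```python
import random
import socket
import struct

# Bit widths of the header fields that get randomized when the caller leaves them
# unspecified. This mirrors the behaviour the answer describes for Scapy's fuzz():
# anything you set explicitly stays fixed, everything else is random per packet.
IP_FUZZ_FIELDS = {"tos": 8, "id": 16, "flags": 3, "frag": 13, "ttl": 8}
TCP_FUZZ_FIELDS = {"sport": 16, "seq": 32, "ack": 32, "flags": 8, "window": 16, "urgptr": 16}
PROTO_TCP = 6


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fuzz_fields(width_table: dict, fixed: dict, rng: random.Random) -> dict:
    """Return fixed fields as given, and a random value for every field not supplied."""
    out = dict(fixed)
    for name, bits in width_table.items():
        if name not in out:
            out[name] = rng.getrandbits(bits)
    return out


def build_ipv4_header(f: dict, src: str, dst: str, total_len: int) -> bytes:
    """20-byte IPv4 header (no options) with a correct header checksum."""
    ver_ihl = (4 << 4) | 5
    flags_frag = (f["flags"] << 13) | f["frag"]
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, f["tos"], total_len, f["id"],
                      flags_frag, f["ttl"], PROTO_TCP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def tcp_pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, PROTO_TCP, tcp_len)


def build_tcp_header(f: dict, src: str, dst: str, payload: bytes) -> bytes:
    """20-byte TCP header (no options); checksum covers pseudo-header + segment."""
    offset_flags = (5 << 12) | f["flags"]          # data offset 5 words, reserved bits 0
    hdr = struct.pack("!HHIIHHHH", f["sport"], f["dport"], f["seq"], f["ack"],
                      offset_flags, f["window"], 0, f["urgptr"])
    csum = ip_checksum(tcp_pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def build_fuzzed_packet(src: str, dst: str, dport: int, payload: bytes = b"", seed=None):
    """Equivalent of fuzz(IP(dst=...)/TCP(dport=...))/payload: only dst and dport are pinned.

    Returns (packet_bytes, ip_fields, tcp_fields) so a harness can log exactly what
    was sent when the stack under test misbehaves. A seed makes the run reproducible.
    """
    rng = random.Random(seed)
    ip_f = fuzz_fields(IP_FUZZ_FIELDS, {}, rng)
    tcp_f = fuzz_fields(TCP_FUZZ_FIELDS, {"dport": dport}, rng)
    tcp = build_tcp_header(tcp_f, src, dst, payload)
    ip = build_ipv4_header(ip_f, src, dst, 20 + len(tcp) + len(payload))
    return ip + tcp + payload, ip_f, tcp_f


def verify_checksums(pkt: bytes) -> bool:
    """Receiver-side check: both the IP header and the TCP segment must sum to zero."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    segment = pkt[20:]
    ip_ok = ip_checksum(pkt[:20]) == 0
    tcp_ok = ip_checksum(tcp_pseudo_header(src, dst, len(segment)) + segment) == 0
    return ip_ok and tcp_ok


if __name__ == "__main__":
    # Constructed sample: a lab host under test, pinned destination port 80.
    for i in range(3):
        pkt, ip_f, tcp_f = build_fuzzed_packet("10.0.0.1", "10.0.0.2", 80, b"GET", seed=i)
        print(len(pkt), "bytes; ttl=%d flags=0x%02x window=%d" % (ip_f["ttl"], tcp_f["flags"], tcp_f["window"]))
```

Keeping the checksums valid is deliberate: a stack drops a segment with a bad checksum before any state-machine logic runs, so random header bytes without a recomputed checksum only exercise the checksum routine. Randomizing field values while keeping the framing correct is what lets the fuzz reach reassembly, window and flag handling, which is where the answer's Fragroute and Tor-capture suggestions are also aimed.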