"Fossies" - the Fresh Open Source Software Archive
Member "isic-0.07/README" (18 Jan 2007, 8015 Bytes) of package /linux/privat/old/isic-0.07.tgz:
ISIC -- IP Stack Integrity Checker

by Shu Xiao & Mike Frantzen

1) Purpose
2) Contributors
3) History
4) Accomplishments
5) Copyright (BSD Style)

1) Purpose

ISIC (and components) is intended to test the integrity of an IPv4 and IPv6 Stack
and its component stacks (TCP, UDP, ICMP et al.). It does this by generating
a controlled random packet (controlled randomness... wacky huh?). The user can
specify that he/she/it [We are tempted to put 'it' before 'she' :-)] wants a stream of
TCP packets. He/she/it suspects that the target has weak handling of IP Options
(aka Firewall-1). So he/she/it does a 'tcpsic -s rand -d firewall -I100' and
observes the result.
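
The receiving side of that test, as an added example (not code from ISIC or its authors): a bounds-checked IPv4 option walker of the kind a stack needs to survive such packets, driven by a seeded generator that only fills in-memory buffers. The function names and the opt_pct parameter are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Walk the IPv4 options area without trusting any length field.
 * Returns the number of options seen, or -1 if the header is malformed. */
int ipv4_walk_options(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;         /* header must fit the buffer */
    size_t off = 20;
    int count = 0;
    while (off < ihl) {
        uint8_t type = pkt[off];
        if (type == 0) break;                         /* End of Option List */
        if (type == 1) { off++; count++; continue; }  /* NOP is a single byte */
        if (off + 1 >= ihl) return -1;                /* no room for the length byte */
        uint8_t olen = pkt[off + 1];
        if (olen < 2 || off + olen > ihl) return -1;  /* zero-length or overrunning option */
        off += olen;
        count++;
    }
    return count;
}

/* xorshift32: the same non-zero seed always replays the same byte stream. */
static uint32_t xs32(uint32_t *s)
{
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Feed n seeded random headers (constructed in memory, never sent) to the
 * walker; opt_pct is the percentage that claim an options area. Returns rejects. */
int fuzz_option_walker(uint32_t seed, int n, int opt_pct)
{
    int rejected = 0;
    for (int i = 0; i < n; i++) {
        uint8_t buf[60];
        for (size_t j = 0; j < sizeof buf; j++) buf[j] = (uint8_t)xs32(&seed);
        int with_opts = (int)(xs32(&seed) % 100) < opt_pct;
        uint32_t ihl_words = with_opts ? 6 + xs32(&seed) % 10 : 5;
        buf[0] = (uint8_t)(0x40 | ihl_words);         /* version 4 + chosen IHL */
        size_t len = 20 + xs32(&seed) % 41;           /* buffer length 20..60 */
        if (ipv4_walk_options(buf, len) < 0) rejected++;
    }
    return rejected;
}
```

Building this with a memory-error detector such as AddressSanitizer and replaying a failing seed turns any out-of-bounds read in a modified walker into a reproducible finding.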

A great use for ISIC would be to fire it through a firewall and see if the
firewall leaks packets. But of course that would be illegal because Network
Associates owns a bogus patent on that :-) You could do that by setting the
default route on the sending computer to the firewall..... But that would be
illegal. (But Mike couldn't legally have a beer so do you think he cared about
laws then?)

By far the most common use for these tools is testing IDS systems. A day
after Mike took the source offline and moved it to a cvs server, a half dozen
people working on separate home-grown IDS systems emailed requesting the
source be put back up.

2) Contributors

Shu Xiao       <email@example.com>               Current owner
Mike Frantzen  <firstname.lastname@example.org>  Original creator

Matt Hargett   <email@example.com>               Various patches
Dug Song       <firstname.lastname@example.org>  Various patches
Kelly Yancey   <email@example.com>               Various bug fix patches
Marcelo Goes   <firstname.lastname@example.org>  Gcc 4 patch.
Todd Sherer    <email@example.com>               Test on Redhat 7.3
Seth Bollinger <firstname.lastname@example.org>  Multisic prototype
Alex Behar     <email@example.com>               Gcc 4 patch
Marc Tardif    <firstname.lastname@example.org>  Gcc 4 patch
Sheng Li       <email@example.com>               Patch for flood control and
                                                 unit/regression tests

The idea for ISIC came from two of Mike Frantzen's co-workers during his
summer job:

Kevin Kadow    <firstname.lastname@example.org>
Mike Scher     <email@example.com>

3) History

Mike Frantzen wrote ISIC v.01 over a two week period on a Redhat 5.1 box. Well,
(huddle around kiddies) one weekend he came back from work and turned on the
monitor to discover loads of scsi errors. He had the binaries compiled statically
on a wee little Trinux floppy. He was able to get the machine partially up and
running and got a little bit of the source off. He yanked the harddrive and
dropped it in Mike Scher's box (Linux). It fscked (sed s/s/u/g) the drive and
he grabbed the lost+found directory. He got the source back. Much to his surprise,
large (remarkably block sized) chunks were missing/rearranged across ALL the
files. Every linux box he has ever had came back to bite him in the ass.

So over a weekend, Mike rewrote isic, tcpsic, and udpsic. Icmpsic took a bit
longer... damn bugs. Total time: 6 hours. Total time on icmpsic after he
forgot to add the IP Header length to the pointer to the ip options, 3 hours.

Bah. He fucked up in version 0.02. His Makefile wasn't compatible with future
versions of Libnet.... Whoops... Mike's fault. Now we have version 0.03.

Hehe, somehow forgot to randomize the TCP flags in 0.03 ;) [Thanks Florian]

Mike stuck esic (ether frame spewer) into the package for 0.04. He had it
kicking around so why not toss it in. (Heh, had to redeem himself for the
TCP flags fuckup).

It had been a long time with no updates since the release of 0.05, the last one
working with Libnet 1.0.x. Then for whatever unknown reason, our buddy Mike Schiffman
rewrote Libnet and now version 1.1.x is not backward compatible :(.

In late 2004, Shu Xiao, working as a security testing engineer, sent patches to
Mike Frantzen that made ISIC compile with the new Libnet ;) along with other fixes
(yes, it still has bugs). This became the perfect time for Mike to shift the
responsibility to Shu (Mike finally relieved :), and version 0.06 was born.

The package 0.07 is a kind of overdue release. Shu had the major changes for new
IPv6 gears ready in the middle of 2005, but got overwhelmed by diaper changes and
had no chance to finalize it till the end of 2006 (pushed by his co-worker
Sheng Li). Yet the 0.07 release includes a few important fixes that slipped from 0.06,
e.g. randomness for 32-bit data. It is supposed to singe more fur off your cat

4) Accomplishments

If ISIC finds any vulnerabilities for you, please let us know. We would love to
know the product and type of vulnerability. We will withhold the information
from this list at your request. If you give us permission to add it to this
list, you will get full credit.

If you manage a Bugtraq post, we appreciate finding our name in the list of
credits :-)

ISIC (v0.01)  Unreleased version.
    - During non-extensive testing, it failed to find a vulnerability
      in Cisco's PIX (4.2?) - Mike Frantzen

    - Logging vulnerability in Checkpoint Firewall-1 4.0
        Could predictably get a packet logged with a different source
        IP. Unable to reliably and consistently reproduce.
        (NOT RELEASED) - Mike Frantzen
    - IP Stack vulnerability in Checkpoint Firewall-1 4.0
        Wacky IP packets sometimes descended deep into the rulebase
        but got caught on drop all rule. Unexploitable.
        (NOT RELEASED) - Mike Frantzen

    - Panic of Gauntlet 5.5 Beta
        (NOT RELEASED) - Mike Frantzen
    - Lock up Gauntlet 5.5 Beta
        (NOT RELEASED) - Mike Frantzen
    - Frag DOS of Gauntlet 5.5 Beta
        (NOT RELEASED) - Mike Frantzen

    - Lock up of Gauntlet 5.0
        ICMP Parameter Problem packets with IP Options in the
        encapsulated packet caused Gauntlet to lock up.
        (BUGTRAQ'd) - Mike Frantzen

ISIC (v0.02)  --
ISIC (v0.03)
    - Remote exploit of Raptor 6.x - CERIAS

ISIC (v0.05)
    - NetBSD Panics when sent unaligned IP options (NHC20000504a.0)
        - NHC Research [www.newhackcity.net]

    - Remote Denial of Service against Be/OS
        The Be/OS Operating System version 5.0 has a
        vulnerability in the tcp fragmentation which can
        lock up the entire system, needing a cold reset to
        get back to work.
        - AUX Technologies [www.aux-tech.org]

    - Internet & Acceleration Server Event DoS
        Defcom Labs Advisory def-2001-16: If an alert action
        has been chosen in the ISA server console, a malicious
        attacker can cause a Denial of Service situation on the
        ISA server.
        - Peter Gründl & Andreas Sandor

ISIC (v0.06)
    Various bugs leading to DoS (system crash, hang, freeze) found
    by many vendors' internal tests using this version of ISIC.

5) Copyright -- Modified BSD Source License

ISIC is Copyright (c) 1999-2007.
Shu Xiao (San Jose, CA, USA) and Mike Frantzen (Chicago, IL, USA).
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.