Member "isic-0.07/README" (18 Jan 2007, 8015 Bytes) of package /linux/privat/old/isic-0.07.tgz:



ISIC -- IP Stack Integrity Checker

by Shu Xiao & Mike Frantzen

1)  Purpose
2)  Contributors
3)  History
4)  Accomplishments
5)  Copyright (BSD Style)




1)  Purpose

ISIC (and its component tools) is intended to test the integrity of an IPv4 or
IPv6 stack and its component stacks (TCP, UDP, ICMP et al.).  It does this by
generating controlled random packets (controlled randomness...  wacky huh?).
The user picks the kind of stream, say TCP packets, and which fields to stress.
Suppose he/she/it [We are tempted to put 'it' before 'she' :-)] suspects that
the target has weak handling of IP options (Firewall-1, say).  Then
'tcpsic -s rand -d firewall -I100' sends TCP packets from random source
addresses to the host named firewall with IP options on 100% of them, and
he/she/it observes the result.

A great use for ISIC is to fire it through a firewall and see whether the
firewall leaks packets.  But of course that would be illegal because Network
Associates owns a bogus patent on that :-)  You could do it by pointing the
default route of the sending computer at the firewall and capturing on the far
side to see what comes out.....  But that would be illegal.  (But Mike couldn't
legally have a beer back then, so do you think he cared about laws?)

By far the most common use for these tools is testing IDSs.  A day after Mike
took the source offline and moved it to a CVS server, half a dozen people
working on separate home-grown IDSs emailed asking for the source to be put
back up.
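The kind of controlled-random generation described above, as an added example that is not ISIC's own code (ISIC is C on top of Libnet): a small Python generator in which every IPv4 and TCP header field is drawn from a seeded PRNG, the one knob kept under control being the percentage of packets that carry IP options, which is what the -I percentage in the tcpsic invocation above selects; '-s rand' is modelled as a fresh random source address per packet.  The target address 10.0.0.1, the seed, the packet count and the output file name are constructed for the example.  check_packet parses each packet back the way a receiving stack would and verifies the lengths and both checksums, so that when a target falls over you know the options did it and not a broken checksum; pcap_bytes lets the same stream be handed to tcpdump or an IDS.

```python
"""Controlled-random IPv4/TCP packets in the spirit of tcpsic (added example).

Every header field comes from a seeded PRNG, so a stream that crashes a
target can be regenerated from its seed; the one controlled knob is how
often a packet carries IP options (the tcpsic -I percentage).
"""
import random
import struct

IPPROTO_TCP = 6
LINKTYPE_RAW = 101  # pcap link type for packets that start at the IP header


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def random_ip_options(rng: random.Random) -> bytes:
    """1..40 arbitrary option bytes padded to a 32-bit boundary.
    Deliberately not well-formed: garbage is what trips option parsers."""
    opts = bytes(rng.getrandbits(8) for _ in range(rng.randint(1, 40)))
    return opts + b"\x00" * ((-len(opts)) % 4)


def build_packet(rng: random.Random, src, dst: bytes, ip_opt_pct: int) -> bytes:
    """One random IPv4/TCP packet.  src=None plays the role of '-s rand'
    (fresh random source per packet); ip_opt_pct is the share of packets
    that get IP options ('-I100' means all of them)."""
    if src is None:
        src = bytes(rng.getrandbits(8) for _ in range(4))
    opts = random_ip_options(rng) if rng.randrange(100) < ip_opt_pct else b""
    ihl = 5 + len(opts) // 4

    # TCP header with every field random (flags byte included); checksum last.
    payload = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 64)))
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIBBHHH",
                      rng.getrandbits(16), rng.getrandbits(16),     # ports
                      rng.getrandbits(32), rng.getrandbits(32),     # seq, ack
                      5 << 4, rng.getrandbits(8),                   # offset, flags
                      rng.getrandbits(16), 0, rng.getrandbits(16))  # win, cksum, urg
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_TCP, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", ip_checksum(pseudo + tcp + payload)) + tcp[18:]

    # IPv4 header: IHL grows with the options; checksum covers header + options.
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | ihl, rng.getrandbits(8), ihl * 4 + tcp_len,
                     rng.getrandbits(16), rng.getrandbits(16),      # id, flags/frag
                     rng.getrandbits(8), IPPROTO_TCP, 0, src, dst) + opts
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp + payload


def generate_stream(seed: int, count: int, dst: bytes, ip_opt_pct: int, src=None) -> list:
    """`count` packets for one seed; the same seed reproduces the same stream."""
    rng = random.Random(seed)
    return [build_packet(rng, src, dst, ip_opt_pct) for _ in range(count)]


def check_packet(pkt: bytes) -> dict:
    """Parse a packet back as a receiving stack would and verify both
    checksums, so the generator is known-good before the target is blamed."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src, dst = pkt[12:16], pkt[16:20]
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_TCP, total_len - ihl)
    return {
        "has_options": ihl > 20,
        "length_ok": total_len == len(pkt),
        "ip_cksum_ok": ip_checksum(pkt[:ihl]) == 0,  # sum incl. checksum folds to 0
        "tcp_cksum_ok": ip_checksum(pseudo + pkt[ihl:total_len]) == 0,
        "tcp_flags": pkt[ihl + 13],
    }


def pcap_bytes(packets: list) -> bytes:
    """Serialise the stream as a LINKTYPE_RAW pcap (records start at the IP
    header) for tcpdump/Wireshark.  Timestamps are just the packet index."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)]
    for i, pkt in enumerate(packets):
        out.append(struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


if __name__ == "__main__":
    # Constructed run: target 10.0.0.1, IP options on 100% of 50 packets, seed 7.
    pkts = generate_stream(seed=7, count=50, dst=bytes([10, 0, 0, 1]), ip_opt_pct=100)
    with open("tcpsic-like.pcap", "wb") as f:
        f.write(pcap_bytes(pkts))
    print(sum(check_packet(p)["has_options"] for p in pkts), "packets carry IP options")
```

Running the script writes tcpsic-like.pcap; 'tcpdump -n -v -r tcpsic-like.pcap' shows the option bytes and the random flags on each packet.  Because the stream is a pure function of the seed, a crash observed on packet N can be reproduced by regenerating the same seed and replaying only the first N packets, which is the property you want from a stack fuzzer.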



2)  Contributors

Shu Xiao	<sxiao@cisco.com>	    Current owner
Mike Frantzen	<frantzen@nfr.com>	    Original creator

Matt Hargett	<matt@use.net>		    Various patches
Dug Song	<dugsong@monkey.org>	    Various patches
Kelly Yancey	<kelly@nttmcl.com>	    Various bug fix patches
Marcelo Goes	<vanquirius@gentoo.org>	    Gcc 4 patch
Todd Sherer	<todds@logsoft.com>	    Test on Redhat 7.3
Seth Bollinger	<seth_bollinger@digi.com>   Multisic prototype
Alex Behar	<alexbr@radware.com>	    Gcc 4 patch
Marc Tardif	<marc@interunion.com>	    Gcc 4 patch
Sheng Li	<sheli@cisco.com>	    Patch for flood control and
					    unit/regression tests


The idea for ISIC came from two of Mike Frantzen's co-workers during his
summer job:

Kevin Kadow	<kadokev@msg.net>
Mike Scher	<strange@cultural.com>




3)  History

Mike Frantzen wrote ISIC v0.01 over a two week period on a Redhat 5.1 box.  Well,
(huddle around kiddies) one weekend he came back from work and turned on the
monitor to discover loads of SCSI errors.  He had the binaries compiled statically
on a wee little Trinux floppy.  He was able to get the machine partially up and
running and got a little bit of the source off.  He yanked the hard drive and
dropped it in Mike Scher's box (Linux).  It fscked (sed s/s/u/g) the drive and
he grabbed the lost+found directory.  He got the source back.  Much to his surprise,
large (remarkably block sized) chunks were missing/rearranged across ALL the
files.  Every Linux box he has ever had came back to bite him in the ass.

So over a weekend, Mike rewrote isic, tcpsic, and udpsic.  Icmpsic took a bit
longer... damn bugs.   Total time: 6 hours.   Total time on icmpsic after he
forgot to add the IP header length to the pointer to the IP options: 3 hours.

Bah.  He fucked up in version 0.02.  His Makefile wasn't compatible with future
versions of Libnet....  Whoops...  Mike's fault.  Now we have version 0.03.

Hehe, somehow forgot to randomize the TCP flags in 0.03 ;) [Thanks Florian]

Mike stuck esic (ether frame spewer) into the package for 0.04.  He had it
kicking around so why not toss it in.  (Heh, had to redeem himself for the
TCP flags fuckup).

There were no updates for a long time after the release of 0.05, the last one
working with Libnet 1.0.x.  Then, for whatever unknown reason, our buddy Mike
Schiffman rewrote Libnet, and version 1.1.x is not backward compatible :(.

In late 2004, Shu Xiao, working as a security testing engineer, sent patches to
Mike Frantzen that made ISIC compile with the new Libnet ;) along with other
fixes (yes, it still has bugs).  This was the perfect moment for Mike to shift
the responsibility to Shu (Mike finally relieved :), and version 0.06 was born.

The 0.07 package is a somewhat overdue release.  Shu had the major changes for
the new IPv6 gear ready in the middle of 2005, but got overwhelmed by diaper
changes and had no chance to finalize it until the end of 2006 (pushed by his
co-worker Sheng Li).  Still, the 0.07 release includes a few important fixes
that slipped from 0.06, e.g. randomness for 32-bit fields.  It is supposed to
singe more fur off your cat :-!






4)  Accomplishments

If ISIC finds any vulnerabilities for you, please let us know.  We would love to
know the product and the type of vulnerability.  We will withhold the information
from this list at your request.  If you give us permission to add it to this
list, you will get full credit.

If you end up with a Bugtraq post, we appreciate finding our name in the list of
credits :-)

ISIC (v0.01)		Unreleased version.
	- During non-extensive testing, it failed to find a vulnerability
	  in Cisco's PIX (4.2?)				- Mike Frantzen


	- Logging vulnerability in Checkpoint Firewall-1 4.0
		Could predictably get a packet logged with a different source
		IP.  Unable to reliably and consistently reproduce.
		(NOT RELEASED)				- Mike Frantzen
	- IP stack vulnerability in Checkpoint Firewall-1 4.0
		Wacky IP packets sometimes descended deep into the rulebase
		but got caught by the drop-all rule.  Unexploitable.
		(NOT RELEASED)				- Mike Frantzen


	- Panic of Gauntlet 5.5 Beta
		(NOT RELEASED)				- Mike Frantzen
	- Lock up of Gauntlet 5.5 Beta
		(NOT RELEASED)				- Mike Frantzen
	- Fragmentation DoS of Gauntlet 5.5 Beta
		(NOT RELEASED)				- Mike Frantzen


	- Lock up of Gauntlet 5.0
		ICMP Parameter Problem packets with IP options in the
		encapsulated packet caused Gauntlet to lock up.
		(BUGTRAQ'd)				- Mike Frantzen

ISIC (v0.02) --
ISIC (v0.03)
	- Remote exploit of Raptor 6.x			- CERIAS
		(BUGTRAQ'd)

ISIC (v0.05)
	- NetBSD panics when sent unaligned IP options (NHC20000504a.0)
				- NHC Research [www.newhackcity.net]

	- Remote denial of service against BeOS
		BeOS version 5.0 has a vulnerability in its handling of
		fragmented TCP traffic which can lock up the entire
		system; a cold reset is needed to bring it back.
				- AUX Technologies [www.aux-tech.org]

	- Microsoft Internet Security & Acceleration (ISA) Server event DoS
		Defcom Labs Advisory def-2001-16: if an alert action
		has been chosen in the ISA Server console, a malicious
		attacker can cause a denial of service on the
		ISA Server.
				- Peter Gründl & Andreas Sandor

ISIC (v0.06)
	Various bugs leading to DoS (system crash, hang, freeze) found
	by many vendors' internal tests using this version of ISIC.






5)  Copyright  --  Modified BSD Source License

ISIC is Copyright (c) 1999-2007.
Shu Xiao (San Jose, CA, USA) and Mike Frantzen (Chicago, IL, USA).
All rights reserved.


Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.