DAY-CON 2007: Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to...
Sign UpThis is a 5 minute preview of a 1 hour and 21 minute video
Install Web Player Beta to watch the full video in your browser or download it to your PCYou're watching a full 1 hour and 21 minute video using the Veoh Web Player
To download the original quality video, select the Download Options link below- By:
- angusblitter
- Description
- The talk is based on a research project whose goal was to evaluate the security of network devices used in carrier space. After some (short) introduction into the main concepts of fuzzing (in particular of network protocols) we will explain which options of existing fuzzers and frameworks we found and why we finally chose SPIKE. Given SPIKE has no Layer2 functionality by default we were forced to write some additional modules like a (libnet-based) generic Layer 2 packet generator and lots of SPK-scripts for different protocols. We will describe this development process, the pitfalls and lessons learned. Furthermore we will release all the code and discuss the results of performing extensive fuzz-testing of network devices and some common operating systems.
- Language:
- English
- Subtitles:
- English
Would you like to comment?
Sign Up Now for a free account or Log In.