Advanced Protocol Fuzzing - What We Learned When Bringing Layer2 Logic To Spike Land presented at ShmooCon 2008

by Daniel Mende (ERNW GmbH) and Enno Rey (ERNW GmbH)

Tags: Security Fuzzing

Summary: The talk is based on a research project whose goal was to evaluate the security of network devices used in carrier space. After a (very short) introduction to the main concepts of fuzzing (in particular of network protocols), we will explain which options among existing fuzzers and frameworks we found and why we finally chose SPIKE. Since SPIKE has no Layer 2 functionality by default, we were forced to write some additional modules, such as a (libnet-based) generic Layer 2 packet generator and lots of SPK scripts for different protocols. We will describe this development process, the pitfalls and the lessons learned. Furthermore, we will release all the code and discuss the results of performing extensive fuzz-testing of network devices and some common operating systems.
Daniel and Enno are long-time network geeks who love to explore protocols and to break flawed ones.