From owner-freebsd-security Mon Jan 24 11:27:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by hub.freebsd.org (Postfix) with ESMTP id D102B1531A for ; Mon, 24 Jan 2000 11:25:55 -0800 (PST) (envelope-from ddavidso@scv3.apple.com) Received: from mailgate2.apple.com ([17.129.100.225]) by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id LAA19643 for ; Mon, 24 Jan 2000 11:25:45 -0800 (PST) Received: from scv3.apple.com (scv3.apple.com) by mailgate2.apple.com (Content Technologies SMTPRS 2.0.15) with ESMTP id ; Mon, 24 Jan 2000 11:25:36 -0800 Received: from miranda-n (miranda-n.apple.com [17.202.15.94]) by scv3.apple.com (8.9.3/8.9.3) with SMTP id LAA00486; Mon, 24 Jan 2000 11:25:35 -0800 (PST) Message-Id: <200001241925.LAA00486@scv3.apple.com> To: "Brett Glass" Subject: Re: stream.c as "monkey" Cc: security@freebsd.org Date: Mon, 24 Jan 2000 11:25:32 -0800 From: Douglas Davidson X-Mailer: by Apple MailViewer (2.106) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >In a way, stream.c functions as a TCP "monkey," >sending packets with insane addresses and port >numbers. (It doesn't exercise the TCP option flags, >but it could be made to do so.) Maybe this program >should be regarded as a way to beat the stuffing >out of the stack and avoid problems with long code >paths, memory allocation problems, and/or future >DoS attacks. It surely wouldn't make a bad networking >regression test. Also along these lines is "fuzz", by Barton Miller et al., which could (and probably still can) crash an alarmingly large number of command-line tools etc. by feeding them random input (CACM 33, 12 (Dec. 1990); also a followup paper in '95). It seems natural that there should be such a thing for network protocol stacks--perhaps it already exists somewhere. If I get a free moment I would be interested in producing such a thing, and perhaps others would be too. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message