From: Don Lewis
Date: Mon, 24 Jan 2000 15:19:19 -0800
To: Brett Glass, security@FreeBSD.ORG
Subject: Re: stream.c as "monkey"

On Jan 24, 10:45am, Brett Glass wrote:
} Subject: stream.c as "monkey"

} But I digress. In a way, stream.c functions as a TCP "monkey," sending
} packets with insane addresses and port numbers.

It's not a very good "monkey" because it only randomizes addresses and
port numbers. That doesn't exercise many different code paths, and it
seems that the only interesting thing it finds is what happens when it
picks a multicast source address.

} (It doesn't exercise
} the TCP option flags, but it could be made to do so.) Maybe this program
} should be regarded as a way to beat the stuffing out of the stack and
} avoid problems with long code paths, memory allocation problems, and/or
} future DoS attacks. It surely wouldn't make a bad networking regression
} test.

Other things it might test are the flags, the TCP options, different
packet lengths, and sequence numbers. This is a large enough search
space that you might find that you can't explore much of it in a
reasonable period of time, so you might want to try some more extensive
testing of a subset of this space.

In addition to some of the other references, you might want to dig up
a copy of "crashme" (hey, where's the port!), which executes random code.
I think there is also a variant that executes random syscalls, which
wouldn't be very well exercised by running random code.
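Added example, not part of the original message or of stream.c: an offline regression "monkey" that randomizes every TCP header field and the segment length, then feeds each segment to a parser in memory. The option walker parse_tcp_options, the helper parse_with_options and the driver monkey are hypothetical names for this sketch, and xorshift32 is used so a failing seed can be replayed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical code under test: walk the option list of one TCP segment.
   Returns the number of options seen, or -1 if the header is malformed. */
static int parse_tcp_options(const uint8_t *seg, size_t len) {
    if (len < 20) return -1;                        /* shorter than a base header */
    size_t hlen = (size_t)(seg[12] >> 4) * 4;       /* data offset, in bytes */
    if (hlen < 20 || hlen > len) return -1;
    int count = 0;
    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = seg[i];
        if (kind == 0) break;                       /* End of Option List */
        if (kind == 1) { i++; count++; continue; }  /* NOP, one byte */
        if (i + 1 >= hlen) return -1;               /* no room for the length byte */
        uint8_t olen = seg[i + 1];
        if (olen < 2 || i + olen > hlen) return -1; /* zero length would loop forever */
        i += olen; count++;
    }
    return count;
}

/* Wrap n option bytes (n <= 40) in an otherwise zeroed header and parse it. */
static int parse_with_options(const uint8_t *opt, size_t n) {
    uint8_t seg[60] = {0};
    size_t hlen = 20 + ((n + 3) & ~(size_t)3);      /* pad to 32-bit words with EOL */
    seg[12] = (uint8_t)((hlen / 4) << 4);
    memcpy(seg + 20, opt, n);
    return parse_tcp_options(seg, hlen);
}

/* xorshift32: deterministic, so a failing round replays from its (nonzero) seed. */
static uint32_t rng(uint32_t *s) { *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5; return *s; }

/* The "monkey": random ports, sequence numbers, flags, data offset, options and
   segment length. Nothing is sent. Returns segments rejected, or -1 on a broken invariant. */
static int monkey(uint32_t seed, int rounds) {
    uint8_t seg[76]; int rejected = 0;
    for (int r = 0; r < rounds; r++) {
        for (size_t i = 0; i < sizeof seg; i++) seg[i] = (uint8_t)rng(&seed);
        size_t len = rng(&seed) % (sizeof seg + 1); /* includes truncated segments */
        int n = parse_tcp_options(seg, len);
        if (n < -1 || n > 40) return -1;            /* at most 40 option bytes exist */
        if (n < 0) rejected++;
    }
    return rejected;
}

int main(void) { printf("rejected %d of 20000\n", monkey(1, 20000)); return 0; }
```

Built with a memory-error checker such as AddressSanitizer, the same loop also reports any out-of-bounds read the parser makes on a truncated segment.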