Date: Tue, 22 Feb 2000 23:54:48 -0500 From: Mike Frantzen <frantzen@EXPERT.CC.PURDUE.EDU> Subject: Firewall and IP stack test tool To: BUGTRAQ@SECURITYFOCUS.COM With the re-occurrence of this unused TCP flags fiasco, I am getting off my ass and releasing a tool to stress test IP stacks, firewall rulesets, firewall resilience and IDS implementations. ISIC - 0.05 (IP Stack Integrity Check) Crafts random packets and launches them. Can fix or randomize source/dest IP's and Ports. You can specify the percentage of packets to fragment, to have IP options, to have bad IP versions.... Just about every field can be automagically twiddled. It contains distinct programs for TCP, UDP, ICMP, IP with a randomized protocol field and a program for randomized raw ethernet frames. Compiles and should work using Libnet under OpenBSD, Solaris, Linux and FreeBSD. http;//expert.cc.purdue.edu/~frantzen/isic-0.05.tgz (Previous version included in OpenBSD ports tree thanks to Dug Song) Note 1: A sniffer to sit behind a firewall and analyze passed packets has been started but is sitting on the back burner. Needs another 3 hours coding. Note 2: It melts just about anything it is targeted against. Only a matter of time before someone creates an interesting distributed DoS network that ingress filtering won't solve. Note to script kiddies: Don't bother downloading. I don't write gui's or man pages.