LogAnalysis
[logs] FW: New tool released : Syslog Fuzzer Apr 08 2008 04:37PM
Tina Bird (tbird precision-guesswork com) (1 replies)
RE: [logs] FW: New tool released : Syslog Fuzzer Apr 08 2008 07:16PM
Rainer Gerhards (rgerhards hq adiscon com)
Hi Tina,

as you mention me ;) ... This looks like a good beginning of something
really useful :)

Is there any further work planned on the tool? I think it would be
especially useful to support TCP, too, as there are many more attack
vectors with it...

I'll give it a try tomorrow.

Rainer

> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org [email concealed]
> [mailto:loganalysis-bounces (at) loganalysis (dot) org [email concealed]] On Behalf Of Tina Bird
> Sent: Tuesday, April 08, 2008 6:38 PM
> To: loganalysis (at) loganalysis (dot) org [email concealed]
> Cc: jaime.blasco (at) aitsec (dot) com [email concealed]
> Subject: [logs] FW: New tool released : Syslog Fuzzer
>
>
> For those of you developing syslog implementations (hi
> Rainer!), as well as
> us sys admins who like to stress test systems before
> production deployment,
> the following may prove useful:
>
> -----Original Message-----
> From: jaime.blasco (at) aitsec (dot) com [email concealed] [mailto:jaime.blasco (at) aitsec (dot) com [email concealed]]
> Sent: Tuesday, April 08, 2008 11:12 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: New tool released : Syslog Fuzzer
>
> Syslog Fuzzer is a small perl script tool useful to test some
> attack vectors
> against syslog servers.
>
> The first version has support for:
>
> > Buffer Overflows
>
> > Integer Overflows
>
> > Format Strings
>
>
>
> Usage:
>
>
>
> aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -p 514
>
>
>
> Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
>
> www.aitsec.com
>
>
>
> -h : Host
>
>
>
> -p : Port Number
>
>
>
> Example:
>
>
>
> aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -h
> 192.1683.76 -p
> 514
>
>
>
> Some ngrep traces:
>
>
>
> #
>
> U 192.168.3.10:43647 -> 192.168.3.76:514
>
>
> <AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>Apr 8 12:20:25 10.0.0.2
> fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 200
>
> 8
>
> #
>
>
>
> #
>
> U 192.168.3.10:43647 -> 192.168.3.76:514
>
> <0>Apr 8 12:21:23 10.0.0.2
> %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x
> %%: Syslog
> Fuzzer v0.1 by Jaime
>
> Blasco (c) 2008
>
> #
>
>
>
> #
>
> U 192.168.3.10:43647 -> 192.168.3.76:514
>
> <0xffffffff>Apr 8 12:22:33 10.0.0.2 fuzzer[10]: Syslog
> Fuzzer v0.1 by
> Jaime Blasco (c) 2008
>
> #
>
>
>
> For the latest version of the tool visit the project's homepage at:
>
>
>
> http://www.aitsec.com/syslog-fuzzer.php
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus