[TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC Jan 11 2011 07:43PM
Nelson Brito (nbrito sekure org)
T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool
designed to perform "Stress Testing". It is a powerful and an unique packet
injection tool, that is capable of:
1. Send sequentially (i.e., ALMOST on the same time) the following
- ICMP: Internet Control Message Protocol
- IGMP: Internet Group Management Protocol
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol

2. Send an (quite) incredible amount of packets per second, making it a
?second to none? tool:
- More than 1,000,000 pps of SYN Flood (+50% of the network?s uplink) in
a 1000BASE-T Network (Gigabit Ethernet).
- More than 120,000 pps of SYN Flood (+60% of the network?s uplink) in a
100BASE-TX Network (Fast Ethernet).

3. Perform ?Stress Testing? on a variety of network infrastructure, network
devices and security solutions in place.

4. Simulate Denial-of-Service attacks, validating the Firewall rules and
Intrusion Detection System/Intrusion Prevention System policies.

Further information can be found @ http://fnstenv.blogspot.com (demo video
and source code).

PS: Yes, there are some "anti-kiddo" tricks, so, please, don't blame me for
doing that...

The new version of the "T50 Sukhoi PAK FA Mixed Packet Injector" (v5.2-NG)
will be unleashed on "WEB Security Forum" (http://websecforum.com.br/evento/
/ April 9th-10th 2011 / São Paulo, Brazil).

The next release will include:
1. New License: It is still not licensed under GPL or any other common
Open-source license, but the source code will be available and the use of
any piece of source code for any free or commercial software is denied.

2. CIDR Support: Classless Inter-Domain Routing support for destination IP
address, using a really tiny C algorithm. This would allow the "T50 Sukhoi
PAK FA Mixed Packet Injector" to simulate DDoS in a laboratory environment.

001 netmask = ~(0xffffffff>>cidr);
002 hostid = (int)(pow(2,(32-cidr))-2);
003 __1st_host = (ntohl(addr)&netmask)+1;
004 __lst_host = (ntohl(addr)&netmask)+hostid;

3. TEN NEW Protocols: TEN (10) more protocols supported by "T50 Sukhoi PAK
FA Mixed Packet Injector" (IGMPv3, EGP, DCCP, RSVP, RIPv1, RIPv2, GRE, ESP,
AH and EIGRP).

4. Exotic Protocols: Advanced options and protocol crafting for EIGRP and
GRE were added, allowing users to make any combination while using those
exotic protocols. By the way, EIGRP is a proprietary protocol developed by
CISCO Systems, Inc.

5. TCP Options Support: TCP Options (MSS, NOP, EOL, WSCALE, TSTAMP, T/TCP CC
and SACK) are supported to improve the TCP protocol.

6. DATA Payload Support: The data payload support is back, and it can be
rand or user defined.

Best regards.

Nelson Brito
Security Researcher

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus