The talk is based on a research project whose goal was to evaluate the security of network devices used in carrier space. After some (very short) introduction into the main concepts of fuzzing (in particular of network protocols) we will explain which options of existing fuzzers and frameworks we found and why we finally chose SPIKE. Given SPIKE has no Layer2 functionality by default we were forced to write some additional modules like a (libnet-based) generic Layer 2 packet generator and lots of SPK-scripts for different protocols. We will describe this development process, the pitfalls and lessons learned. Furthermore we will release all the code and discuss the results of performing extensive fuzz-testing of network devices and some common operating systems.
Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.
Simon Rich is a German security researcher specialized on network protocols and technologies. He has contributed to finding several protocol flaws in the past and is known for innovative approaches to (depending who’s the customer) implementing or breaking the security of technologies. He is also well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and have presented on protocol security at many occasions including CCC Easterhegg, Daycon, IT Underground and Troopers08.