Tero Kivinen <[EMAIL PROTECTED]> writes: >If I understood correctly the tools they used now did generate specific hand- >crafted packets having all kind of wierd error cases. When testing with the >crypto protocols the problem is that you also need to do the actual crypto, >key exchangement etc to be able to test things after the first packet.
The two that I'm aware of (the X.509 cert data generator that found ASN.1 parser faults and the SSH hello-packet generator) both just created vaguely correct-looking PDUs that contained garbage data, so that a simple firewall check would reject 99% of the packets before they even got to the real processing. The SSH generator only sent the first packet, so it never got past the first step of the SSH handshake. I'm not sure what the ISAKMP data generator did. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]