Hey,
[email protected] wrote on 28.01.2009
12:43:22:
> Where? Is it a lwip bug? is it already solved in current cvs? (i'm
> using last 1.3.0 release)
Yes it was a bug in LwIP. See:
http://savannah.nongnu.org/bugs/index.php?24596
> which tool i can use to simulate a flood attack and debug the driver
> and the stack?
A good starting point would be nessus, which already covers a huge load of
vulnerability tests.
Other name-droppings would include:
- metasploit
- isic, ipload
- ettercap
... lots of others and basically everything from http://sectools.org/ :o)
> yes... i want to filer in the driver, not in lwip.. and i know... it
> is not a definitive solution, but can mitigate the problem.
Still a SYN-Flood will create a lot of load and starve resources. On an
embedded device this can make the device unusable. Nothing mitigated
there.
> yes.... i said the same thing to our marketing.... "put the device
> behind a firewall!!".... but the answer was... security features
> inside the device are good marketing arguments.... :O|
Is it? Does marketing and customers care about security features or just
about the Sticker that says "super-secure inside"?
regards,
Fabian
_______________________________________________
lwip-users mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/lwip-users
