37C3 - Fuzzing the TCP/IP stack
Discover a new approach to fuzzing the TCP/IP stack using PicoTCP and Python, making it easier to test for bugs and identify vulnerabilities in network protocols.
- The speaker presents a new approach to fuzzing the TCP/IP stack using PicoTCP, a userland TCP/IP stack, driven from Python.
- The goal is to make it easier to fuzz a TCP/IP stack and test it for bugs, rather than using traditional methods such as coverage-guided fuzzing.
- The approach involves modifying PicoTCP so that it can drive fuzzing of a target stack, with attention to packet queues, keeping the fuzzer's protocol state synchronized with the target, and testing against real hardware.
- The speaker demonstrates a simple echo service built on PicoTCP and attaches the target network stack to the userland TCP/IP stack.
- The speaker proposes using Rust to write a better network stack and considers building on Istik and Scapy for further development.
- Challenges faced include dealing with packet fragmentation, keeping checksums valid, and handling packet queues, as well as finding bugs that are only reachable once a connection has advanced through particular protocol states.
- The speaker encourages the audience to fuzz, and "break", their own network stacks, and argues that fuzzing the TCP/IP stack can surface new and interesting bugs.
- Fuzzing tools like AFL and AFL++ are mentioned as effective tools for fuzzing.
- The speaker concludes that fuzzing the TCP/IP stack can be non-trivial, but is an important area of study.
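The three practical problems the summary names, valid checksums, IP fragmentation, and keeping sequence/acknowledgement state in step with the target, are exactly what a packet-level fuzzer has to solve before any fuzz case reaches interesting parsing code. The Python below is an added example written for this page; it is not code from the talk, from PicoTCP or from Scapy. It builds IPv4 and TCP packets with correct checksums, fragments and reassembles an IP payload, and tracks a TCP session so that a mutated data segment still lands inside an established connection. All names (`TcpFuzzSession`, `refresh_tcp_checksum`, the 10.0.0.x addresses and the sample payloads) are the example's own assumptions.

```python
"""Packet-crafting helpers for a userland TCP/IP-stack fuzzer (added example)."""
import random
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10   # TCP flag bits
IPPROTO_TCP = 6


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ident=0, more=False, frag_off=0, ttl=64):
    """20-byte IPv4 header (IHL=5) with a valid header checksum; frag_off in 8-byte units."""
    flags_off = (0x2000 if more else 0) | (frag_off & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_off, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def refresh_tcp_checksum(src, dst, seg):
    """Recompute the TCP checksum after mutating a segment, so the target does not
    drop the fuzz case at its checksum check before any real parsing happens."""
    seg = seg[:16] + b"\x00\x00" + seg[18:]
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_TCP, len(seg))
    return seg[:16] + struct.pack("!H", inet_checksum(pseudo + seg)) + seg[18:]


def tcp_segment(src, dst, sport, dport, seq, ack, flags, payload=b"", window=65535):
    """TCP segment without options, checksummed over the IPv4 pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return refresh_tcp_checksum(src, dst, hdr + payload)


def tcp_checksum_ok(src, dst, seg):
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_TCP, len(seg))
    return inet_checksum(pseudo + seg) == 0


def parse_tcp(seg):
    sport, dport, seq, ack, off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", seg[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "payload": seg[(off >> 4) * 4:]}


def fragment(src, dst, proto, payload, mtu, ident):
    """Split one IP payload into fragments that fit `mtu`; offsets stay 8-byte aligned."""
    chunk = (mtu - 20) // 8 * 8
    frags = []
    for off in range(0, len(payload), chunk):
        part = payload[off:off + chunk]
        more = off + chunk < len(payload)
        frags.append(ipv4_header(src, dst, proto, len(part), ident, more, off // 8) + part)
    return frags


def reassemble(frags):
    """Receiver-side view (IHL=5 only): check each header checksum, order by offset."""
    pieces = {}
    for f in frags:
        if inet_checksum(f[:20]) != 0:
            raise ValueError("bad IPv4 header checksum")
        flags_off, = struct.unpack("!H", f[6:8])
        pieces[(flags_off & 0x1FFF) * 8] = f[20:]
    return b"".join(pieces[k] for k in sorted(pieces))


class TcpFuzzSession:
    """Keeps the fuzzer's seq/ack in step with the target so that fuzzed segments
    are processed inside an established connection, not rejected as out-of-window."""

    def __init__(self, src, dst, sport, dport, isn):
        self.src, self.dst, self.sport, self.dport = src, dst, sport, dport
        self.seq, self.ack = isn, 0

    def _seg(self, flags, payload=b""):
        return tcp_segment(self.src, self.dst, self.sport, self.dport,
                           self.seq, self.ack, flags, payload)

    def syn(self):
        return self._seg(SYN)

    def on_synack(self, seg):
        f = parse_tcp(seg)
        if f["flags"] & (SYN | ACK) != SYN | ACK:
            raise ValueError("expected SYN/ACK")
        self.seq = (self.seq + 1) & 0xFFFFFFFF   # our SYN consumed one sequence number
        self.ack = (f["seq"] + 1) & 0xFFFFFFFF   # acknowledge the peer's SYN
        return self._seg(ACK)

    def push(self, payload, seed=None):
        """Send data; with `seed`, flip one payload byte and re-checksum (a fuzz case)."""
        seg = self._seg(PSH | ACK, payload)
        if seed is not None and payload:
            rng = random.Random(seed)
            i = 20 + rng.randrange(len(payload))
            seg = seg[:i] + bytes([seg[i] ^ rng.randrange(1, 256)]) + seg[i + 1:]
            seg = refresh_tcp_checksum(self.src, self.dst, seg)
        self.seq = (self.seq + len(payload)) & 0xFFFFFFFF   # advance by the original length
        return seg
```

The mutation in `push` deliberately touches only the payload and then fixes the checksum; a mutator that corrupts the checksum field itself exercises nothing but the drop path, which is why checksums show up as a challenge in the talk. `TcpFuzzSession` is the minimum state a fuzzer needs to keep in sync with the target; a real harness would also track the peer's advertised window and retransmissions.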