As of the next upcoming StrikePack, the BPS product will now have test cases from RFC-4475, the SIP Torture Tests, in the form of strikes. The sections of the RFC that are covered by this StrikeSet are Section 3.1.2: Invalid Messages, Section 3.2: Transaction Layer Semantics, and Section 3.3: Application Layer Semantics. The remaining two sections containing test cases, Section 3.1.1: Valid Messages and Section 3.4: Backward Compatibility, are not covered as they are comprised of test cases which are valid SIP messages.

The strikes contained in this StrikeSet are intended to be used as part of a broader RFC-4475 test plan, and should not be used without full understanding of RFC-4475, the sections contained therein, and the individual test cases defined for each section. The strikes for Section 3.1.2: Invalid Messages are likely the only strikes from this test suite for which a pass/fail result in the UI will be valuable, as these are the only test cases from RFC-4475 which should be definitively blocked, rejected, dropped, or otherwise ignored by a SIP-aware Device Under Test (DUT) or a SIP endpoint. The remaining sections' individual test cases each define for themselves how a SIP-aware DUT or SIP endpoint should behave in response to that specific test case, and therefore will likely require external monitoring of either the network traffic or the device itself in order to determine a pass/fail verdict.

The strikes for the BPS RFC-4475 test suite will be available by searching for keyword "torture" in the BPS Attack Manager after applying the next upcoming StrikePack.

Posted by Dustin D. Trammell (2008-02-27 14:04:38)

0 comments | Tags: rfc // sip // voip // strikes //

StrikePack 22292 is now available to BreakingPoint customers. This StrikePack adds six new strikes and renames one existing strike.

Posted by Todd Manning (2008-02-20 12:26:48)

0 comments | Tags: strikepack //

With the release of StrikePack 21889, the SMB/CIFS AppSim module has been improved from our first version which was released last week. Among the improvements are a number of customization options which are now exposed to the UI. First, the user can now provide their own custom data file to be used as payload data during file transfers, as well as indicate a file chunk size to be used for each request of a portion of the file being transferred. The user can also now configure session parameters for use such as client and server name, domain name, username, and password. If any of the available customization options are not modified by the user, they are randomized to provide each traffic flow with a unique set of session parameters.

Stay tuned for more upcoming improvements and expansions to the SMB/CIFS AppSim as well as the addition of new protocol modules as we continue to improve our Application Simulator component.

Posted by Dustin D. Trammell (2008-02-14 11:23:21)

2 comments | Tags: appsim // cifs // smb //

StrikePack 21889 is now available to BreakingPoint customers. This StrikePack adds 16 new strikes, improves 1 existing strike, and removes 0 strikes. This StrikePack includes coverage for many of the issues patched by Microsoft in February 2008.

Posted by Todd Manning (2008-02-13 23:03:03)

0 comments | Tags: strikepack //

WebDAV is a set of extensions to the HTTP protocol that facilitate creation and editing. The WebDAV mini-redirector (the "WebClient" service) is a driver called mrxdav.sys that is responsible for handling WebDAV requests. With it, you can browse to a DAV directory within Windows Explorer and even map it to a drive letter. The MS08-007 bug is an integer overflow in the code that lists DAV directories. If a malicious server sends a filename greater than 65536 bytes, a heap overflow occurs. Since MS08-007 effects the driver itself, this bug causes a crash in the kernel itself resulting in a "BSoD".

Posted by HD Moore (2008-02-13 17:34:49)

0 comments | Tags: exploit // microsoft //