Archive for C

Widespread DH Implementation Weakness: Conspiracy or Ignorance?

While developing an implementation of IKE for our platform, I noticed an astonishing behavior in the servers I was testing against: not a single IKE implementation, which included products from the biggest names in network infrastructure, was validating the Diffie-Hellman public keys that I sent. A consequence of this is that any deployment of these servers will allow the disclosure of secret information when a peer is in collusion with a passive attacker.


Writing C within Ruby

This started off as an internal thread as to why C++ just downright sucks. There’s been a whole lot of hoopla around the security vulnerabilities while writing C++ code, specifically to do with delete and delete[]. I frankly think C++ for a large scale project is a big mistake.


Wireshark patch for MMS support

We have created a patch for Wireshark that allows it to dissect MMS (Manufacturing Messaging Specification) PDUs when transported over COTP/TPKT. Previously, Wireshark only dissected the protocol when the OSI session and presentation layers were present. This patch adds COTP as a heuristic dissector for MMS. Be sure to enable ‘Try heuristic sub-dissectors first’ in the TCP preferences, as well as reassembly of fragmented PDUs in the TPKT and COTP preferences.

USAGE:

The patch was submitted to Wireshark and was added to trunk (with some small changes made by the Wireshark team). You can either download the latest development release from Wireshark (recommended) or download the latest stable release and apply the patch.

download mms_patch.txt


Tomahawk patch for routed network testing

We have added some options to the Tomahawk network testing tool that allow for testing of routed networks.

Consider the following topology (A1 and A2 are network interfaces on a box running tomahawk):

[A1] +----------+
                |
                | ip  = 192.168.1.254
                | mac = aa:aa:aa:aa:aa:aa
                |
             [ DUT ]
                |
                | mac = bb:bb:bb:bb:bb:bb
                | ip  = 10.0.0.1
                |
[A2] +----------+

When replaying an IP conversation, packets coming from A1 destined for A2 must have a destination IP address within the subnet that contains A2 (10.0.0.0), and a destination MAC address of the router’s interface that is on the same network as A1 (aa:aa:aa:aa:aa:aa).

We have added 4 options to tomahawk to enable testing in this scenario. In the descriptions below, “client” and “server” refer to the interfaces specified by the -I and -J tomahawk options respectively (and the examples assume “-I A1 -J A2”).

-x — Client side mac address of router ( aa:aa:aa:aa:aa:aa )
-y — Server side mac address of router ( bb:bb:bb:bb:bb:bb )
-X — Client side subnet ( 192.168.0.0 )
-Y — Server side subnet ( 10.0.0.0 )

Only the two most significant bytes of the -X and -Y values are used when rewriting the packet IP addresses.

USAGE:

Apply patch and build:

download tomahawk
download tomahawk.patch
tar -xvf tomahawk1.1.tar
cd tomahawk1.1
patch -p1 < ../tomahawk_patch.txt

Then build tomahawk as normal.

Example:

tomahawk -i eth0 -j eth1 -x aa:aa:aa:aa:aa:aa -y bb:bb:bb:bb:bb:bb -X 10.0.0.0 -Y 192.168.0.0 -l 1 -f test.pcap
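To make the rewriting concrete, here is an added C example (not the tomahawk patch's own code) of what a per-frame rewrite for these options must do: choose the router MAC and subnet prefixes by direction, overwrite the destination MAC and the two most significant octets of both IP addresses, and recompute the IPv4 header checksum, which is invalidated whenever the addresses change. It assumes untagged Ethernet II frames carrying IPv4 and that both source and destination addresses are rewritten; the struct, enum and function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not tomahawk's own code: models what the patch's
 * -x/-y/-X/-Y options must do to each replayed frame. Assumes an untagged
 * Ethernet II frame carrying IPv4; "subnet" means the top two octets. */
struct routed_opts {
    uint8_t client_router_mac[6]; /* -x: router MAC facing the client side */
    uint8_t server_router_mac[6]; /* -y: router MAC facing the server side */
    uint8_t client_subnet[2];     /* -X: first two octets of client subnet */
    uint8_t server_subnet[2];     /* -Y: first two octets of server subnet */
};
enum direction { CLIENT_TO_SERVER, SERVER_TO_CLIENT };

/* RFC 1071 one's-complement checksum over the IPv4 header (hlen bytes). */
static uint16_t ipv4_checksum(const uint8_t *hdr, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrites the frame in place; returns 0, or -1 if it is not a sane IPv4 frame. */
int rewrite_frame(uint8_t *frame, size_t len, enum direction dir,
                  const struct routed_opts *o)
{
    if (len < 14 + 20 || frame[12] != 0x08 || frame[13] != 0x00)
        return -1;                             /* need Ethernet II + IPv4 */
    uint8_t *ip = frame + 14;
    size_t hlen = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || hlen < 20 || 14 + hlen > len)
        return -1;                             /* bad version or IHL */
    const uint8_t *mac, *src_net, *dst_net;
    if (dir == CLIENT_TO_SERVER) {
        mac = o->client_router_mac; src_net = o->client_subnet; dst_net = o->server_subnet;
    } else {
        mac = o->server_router_mac; src_net = o->server_subnet; dst_net = o->client_subnet;
    }
    memcpy(frame, mac, 6);        /* dst MAC: next hop is the router, not the peer */
    memcpy(ip + 12, src_net, 2);  /* only the two most significant octets change */
    memcpy(ip + 16, dst_net, 2);
    ip[10] = ip[11] = 0;          /* addresses changed, so recompute the checksum */
    uint16_t sum = ipv4_checksum(ip, hlen);
    ip[10] = (uint8_t)(sum >> 8); ip[11] = (uint8_t)sum;
    return 0;
}
```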


Enums, strings and laziness

If you look at the glibc equivalent for converting #defines to strings for the purposes of perror, it’s a massive array that builds all the strings at compile time.

The biggest drawback of this approach is that the #define and the corresponding friendly string are defined and reconciled in two different places. If someone updates the header file to add a new errno value, he or she has to remember to also update this other place so that perror works as expected. I’m using errno as an example, but this is a common problem when writing code in C or C++. The problem is exacerbated when certain enums are conditional (on the operating system, CPU type and so on); those conditional checks then need to be duplicated in multiple places. Ugliness.
