[logs] FW: New tool released : Syslog Fuzzer
Rainer Gerhards
rgerhards at hq.adiscon.com
Tue Apr 8 12:16:08 PDT 2008
Hi Tina,
as you mention me ;) ... This looks like a good beginning of something
really useful :)
Is there any further work planned on the tool? I think it would be
especially useful to support TCP, too, as there are many more attack
vectors with it...
I'll give it a try tomorrow.
Rainer
> -----Original Message-----
> From: loganalysis-bounces at loganalysis.org
> [mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Tina Bird
> Sent: Tuesday, April 08, 2008 6:38 PM
> To: loganalysis at loganalysis.org
> Cc: jaime.blasco at aitsec.com
> Subject: [logs] FW: New tool released : Syslog Fuzzer
>
> For those of you developing syslog implementations (hi Rainer!), as well as
> us sys admins who like to stress test systems before production deployment,
> the following may prove useful:
>
> -----Original Message-----
> From: jaime.blasco at aitsec.com [mailto:jaime.blasco at aitsec.com]
> Sent: Tuesday, April 08, 2008 11:12 AM
> To: bugtraq at securityfocus.com
> Subject: New tool released : Syslog Fuzzer
>
> Syslog Fuzzer is a small perl script tool useful to test some attack vectors
> against syslog servers.
>
> The first version has support for:
>
> > Buffer Overflows
> > Integer Overflows
> > Format Strings
>
> Usage:
>
> aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -p 514
>
> Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
> www.aitsec.com
>
> -h : Host
> -p : Port Number
>
> Example:
>
> aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -h 192.168.3.76 -p 514
>
> Some ngrep traces:
>
> #
> U 192.168.3.10:43647 -> 192.168.3.76:514
> <AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>Apr 8 12:20:25 10.0.0.2
> fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
> #
>
> #
> U 192.168.3.10:43647 -> 192.168.3.76:514
> <0>Apr 8 12:21:23 10.0.0.2
> %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x
> %%: Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
> #
>
> #
> U 192.168.3.10:43647 -> 192.168.3.76:514
> <0xffffffff>Apr 8 12:22:33 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
> #
>
> For the latest version of the tool visit the project's homepage at:
>
> http://www.aitsec.com/syslog-fuzzer.php
>
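
Added example, not part of the original thread and not code from Syslog Fuzzer or from any syslog daemon: receiver-side handling in C of the three malformed headers shown in the ngrep traces above (over-long PRI, hex PRI, format specifiers in the message). It assumes RFC 3164 framing (PRI of 0 to 191, default priority 13, 1024-byte packets); parse_pri and log_datagram are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse "<PRI>" at the start of a datagram. Returns 0..191 and points
 * *body past '>', or returns -1 when the header is malformed. */
int parse_pri(const char *buf, size_t len, const char **body)
{
    size_t i = 1;
    int pri = 0;
    if (len < 3 || buf[0] != '<')
        return -1;
    /* At most three decimal digits: "<AAAA...>" and "<0xffffffff>" fail
     * here, and the accumulator can never exceed 999. */
    while (i < len && i <= 3 && isdigit((unsigned char)buf[i]))
        pri = pri * 10 + (buf[i++] - '0');
    if (i == 1 || i >= len || buf[i] != '>' || pri > 191)
        return -1;
    *body = buf + i + 1;
    return pri;
}

/* Render one datagram into out and return the priority used. A bad header
 * gets priority 13 (RFC 3164 default) and the whole packet is kept as text. */
int log_datagram(const char *buf, size_t len, char *out, size_t outsz)
{
    const char *body = buf;
    int pri = parse_pri(buf, len, &body);
    if (pri < 0) {
        pri = 13;
        body = buf;
    }
    size_t n = len - (size_t)(body - buf);
    if (n > 1024) n = 1024;     /* RFC 3164 caps a packet at 1024 bytes */
    /* Fixed format string: received bytes are only ever an argument, and
     * the precision bounds the read since buf is not NUL-terminated. */
    snprintf(out, outsz, "pri=%d msg=%.*s", pri, (int)n, body);
    return pri;
}

int main(void)
{
    /* Constructed sample modelled on the second ngrep trace. */
    const char pkt[] = "<0>Apr 8 12:21:23 10.0.0.2 %x%s%n: test";
    char out[256];
    log_datagram(pkt, strlen(pkt), out, sizeof out);
    puts(out);
    return 0;
}
```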