[Dailydave] IPv6, CANVAS, The Love.
Dave Aitel
dave at immunityinc.com
Fri Feb 2 11:41:08 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm a big fan of fuzzers, but fuzzers and attack frameworks are two
different things.
I'm sure Codenomicon/PROTOS, MU, Breakingpoint, ProtoVer, SPIKE2K6 and
various other fuzzers all support IPv6 or protocols that run over
IPv6, but once they find a vulnerability, you would then plug that
into CANVAS or another attack framework to target someone's machine.
So two sides of the same coin, as it were. Apples and Orangutans. NP
Complete and O(1). And so on.
I'm sure you're just feigning confusion here, but I wanted to make
sure you didn't induce real confusion in anyone reading this list. .
.which is unlikely except after yesterday's press coverage there's
1000 new people subscribed who might be CNN-type readers. They'll all
unsubscribe when they realize this list is mostly about breaking into
computers the hard way - where EIP is involved.
Being first is silly anyways. Everyone's first at something. The Zune
is the top seller in the category of 30gig mp3 players that are also
brown, but it sold like 5 units and the Microsoft guy in charge of
that marketing had to leave for "personal reasons".
There's no one best fuzzer; that's the beauty of the beast.
- -dave
Ari Takanen wrote:
> Hello all,
>
> On Fri, Feb 02, 2007 at 07:44:33AM -0500,
dailydave-request at lists.immunitysec.com wrote:
>> As of today, Immunity CANVAS is now the only penetration testing
>> platform that can handle IPv6. You know you're excited! What about all
>> those IPv6 DoD networks you can test now?
>
> I do not usually want to promote our tools (too much) but wanted to
> respond to the advertisement by Immunity.
>
> Codenomicon has probably been the first to cover every single protocol
> (100+ interfaces supported), and IPv6 is not an exception (well PROTOS
> did some of the protocols before us, but that does not count because
> we kind of are the same thing as the PROTOS Classic test suites
> [1]). Codenomicon has done security testing of IPv6 for a long time
> already. Also most if not all Codenomicon tools are IPv6
> capable. Infact we (or our customers to be more exact) can find
> zero-day flaws from almost any IPv6 device.
>
> [1] http://www.codenomicon.com/media/press-releases/2007-01-09.shtml
>
> /Ari
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFw2miB8JNm+PA+iURAovFAKDUqSdKYeXgYOmwHVN5Uo/DVISlXgCeLtaC
F2N1W9klTGe+m5Xe5P2k83k=
=UOv8
-----END PGP SIGNATURE-----
More information about the Dailydave
mailing list