Overview
Explore the intricacies of TCP/IP stack fuzzing in this 40-minute conference talk from the 37C3 event. Delve into advanced techniques for uncovering vulnerabilities in the backbone of internet communication, moving beyond traditional methods. Learn about innovative approaches, including leveraging full-blown active network connections and utilizing userland TCP/IP stacks like PicoTCP. Discover the development of a powerful fuzzer, strategies for simulating real-world scenarios, and the importance of reproducibility in identifying and reporting bugs. Gain insights into the practical considerations of TCP/IP stack security, including the decision to avoid building custom stacks. Conclude with an overview of tangible results and an opportunity to engage in a Q&A session, deepening your understanding of this crucial aspect of network security.
Syllabus
37C3 - Fuzzing the TCP/IP stack
Taught by
media.ccc.de