37C3: Fuzzing the TCP/IP Stack (ccc.de)
135 points by rurban on Jan 1, 2024 | hide | past | favorite | 8 comments



Played around with coverage-guided fuzzing using honggfuzz and Intel BTS/PT a while back. Didn't have much time to fine-tune, but it seemed solid. It'd need a couple of months to properly dial in and see real results. The coverage was increasing, and aligning with the symbol tables, it was hitting the right parts of the kernel.

Harness: https://github.com/google/honggfuzz/tree/master/examples/lin...


With coverage-guided fuzzing you won't get into the deep states of such protocols, whether it's TCP/IP, TLS or similar. You'd really need a client/server simulator, and fuzz this.
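To make the point above concrete, here is an added example (mine, not the commenter's and not from the 37C3 talk or the honggfuzz harness) that pits blind header mutation against a stateful client harness on a constructed, much-simplified TCP server model. The server model, its initial sequence number, the state names and the fuzzing budgets are all assumptions for illustration; the only thing the model copies from real TCP is that a segment whose sequence and acknowledgement numbers are not exactly what the peer expects is dropped, which is what keeps a context-free fuzzer from ever getting past the handshake.

```python
"""Blind packet mutation vs. a stateful client harness against a toy TCP
server state machine. Constructed model for illustration, not a real stack."""
import random
from dataclasses import dataclass
from typing import Optional

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MASK32 = 0xFFFFFFFF


@dataclass
class Segment:
    flags: int
    seq: int
    ack: int
    payload: bytes = b""


class ToyTcpServer:
    """Passive-open side of a simplified TCP (no windows, no retransmission).
    Segments that are out of sequence or ack the wrong number are dropped."""

    def __init__(self, iss: int = 0x12345678):  # assumed initial send sequence
        self.state = "LISTEN"
        self.snd_nxt = iss      # next sequence number this side will send
        self.rcv_nxt = 0        # next sequence number this side expects
        self.visited = {"LISTEN"}
        self.data = b""

    def _move(self, state: str) -> None:
        self.state = state
        self.visited.add(state)

    def handle(self, seg: Segment) -> Optional[Segment]:
        if seg.flags & RST:
            if self.state == "SYN_RCVD":
                self._move("LISTEN")
            elif self.state not in ("LISTEN", "CLOSED"):
                self._move("CLOSED")
            return None
        if self.state == "LISTEN":
            if seg.flags & SYN:
                self.rcv_nxt = (seg.seq + 1) & MASK32
                reply = Segment(SYN | ACK, self.snd_nxt, self.rcv_nxt)
                self.snd_nxt = (self.snd_nxt + 1) & MASK32  # our SYN uses one
                self._move("SYN_RCVD")
                return reply
            return None
        # Every later state requires an in-sequence segment acking exactly snd_nxt.
        if not (seg.flags & ACK) or seg.seq != self.rcv_nxt or seg.ack != self.snd_nxt:
            return None
        if self.state == "SYN_RCVD":
            self._move("ESTABLISHED")
        if self.state == "ESTABLISHED":
            self.data += seg.payload
            self.rcv_nxt = (self.rcv_nxt + len(seg.payload)) & MASK32
            if seg.flags & FIN:
                self.rcv_nxt = (self.rcv_nxt + 1) & MASK32  # peer's FIN uses one
                self._move("CLOSE_WAIT")
                # Model an application that closes at once: ACK the FIN, send ours.
                reply = Segment(FIN | ACK, self.snd_nxt, self.rcv_nxt)
                self.snd_nxt = (self.snd_nxt + 1) & MASK32
                self._move("LAST_ACK")
                return reply
            return Segment(ACK, self.snd_nxt, self.rcv_nxt) if seg.payload else None
        if self.state == "LAST_ACK":
            self._move("CLOSED")
        return None


def blind_fuzz(server: ToyTcpServer, rng: random.Random, n: int = 2000) -> set:
    """Mutate flags, seq and ack at random, as a context-free fuzzer would."""
    for _ in range(n):
        server.handle(Segment(rng.randrange(0x40), rng.getrandbits(32),
                              rng.getrandbits(32), rng.randbytes(rng.randrange(8))))
    return set(server.visited)


def stateful_fuzz(server: ToyTcpServer, rng: random.Random, n: int = 50) -> set:
    """Complete the handshake with a client model, mutate only the payload of
    in-sequence data segments, then tear the connection down cleanly."""
    seq = rng.getrandbits(32)
    synack = server.handle(Segment(SYN, seq, 0))
    assert synack is not None and synack.flags == SYN | ACK
    seq, ack = (seq + 1) & MASK32, (synack.seq + 1) & MASK32
    server.handle(Segment(ACK, seq, ack))  # third step of the handshake
    for _ in range(n):
        payload = rng.randbytes(rng.randrange(1, 64))  # the part being fuzzed
        server.handle(Segment(ACK, seq, ack, payload))
        seq = (seq + len(payload)) & MASK32  # server sends no data, ack is unchanged
    finack = server.handle(Segment(FIN | ACK, seq, ack))
    seq = (seq + 1) & MASK32
    if finack is not None and finack.flags & FIN:
        server.handle(Segment(ACK, seq, (finack.seq + 1) & MASK32))
    return set(server.visited)


if __name__ == "__main__":
    print("blind:   ", sorted(blind_fuzz(ToyTcpServer(), random.Random(1))))
    print("stateful:", sorted(stateful_fuzz(ToyTcpServer(), random.Random(1))))
```

The blind run bounces between LISTEN and SYN_RCVD (a random SYN opens, a random RST resets) and never reaches ESTABLISHED, because guessing a matching 32-bit sequence and acknowledgement pair is hopeless even with a coverage signal; the stateful harness walks the server through every state and can then spend its whole budget on the data-path code. The same split applies to a real stack: a client model that tracks seq/ack, or a TLS client that can complete a handshake, is what puts mutated input in front of the post-handshake parsers.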


Interesting historical overview of IP stack bugs. But nothing new, what he calls pre-alpha.

All-in-all quite a disappointing session, IMHO the worst I attended at 37c3, nothing compared to the excellent https://events.ccc.de/congress/2023/hub/event/numerical_air_... that was running at the same time.


> All-in-all quite a disappointing session, IMHO the worst I attended at 37c3, nothing compared to the excellent https://events.ccc.de/congress/2023/hub/event/numerical_air_... that was running at the same time.

Yeah, was there for this one, can highly recommend. Will also be building my own DIY air quality sensor to add to their network.


Which network are you considering for your DIY air quality sensor? They mention on a slide:

- https://sensor.community/

- https://luftdaten.at/

- https://openair.cologne/


Since I'm neither in Austria nor Cologne, I'd go with https://sensor.community


That session on air quality wasn’t bad, but just didn’t fit my needs in the moment. Glad you liked it so much.



