Fuzz Testing with the IS-IS Protocol
Overview
The Intermediate System to Intermediate System (IS-IS) protocol permits Intermediate Systems within a routing domain to exchange configuration and routing information to facilitate routing operation and relaying network layer functions.
Testing environment requirements
-
beSTORM 13.2.0 or later (licensed)
-
Windows 10 or later
-
A router that supports the IS-IS protocol (this will be the device under test [DUT])
Fuzzing with beSTORM
To fuzz with the IS-IS protocol in beSTORM, do the following:
-
Using a network cable, connect the IS-IS-supported router (DUT) to the beSTORM computer's Ethernet adapter.
-
Open beSTORM Client.
-
Select New Project. The beSTORM New Project Wizard opens.
-
On the Welcome page, do the following:
-
In the Project Name box, enter a name.
-
Optionally, select a different file location for your project in the Location Name box.
-
For Please select the wizard, select Advanced.
-
Leave Perform a port scan, and service detection and assist me in choosing the relevant module unchecked.
-
-
Select Next.
-
On the Basic Configuration page, do the following:
-
In the beSTORM's predefined modules list, select ISIS.
-
In the Network Device list, select the beSTORM computer's Ethernet adapter where you connected your network cable.
-
-
Select Next.
-
On the Advanced Configuration page, adjust Scale Type to reduce the number of combinations and overall testing duration. For the least number of combinations and shortest testing duration, select Base10.
-
Select Next.
-
On the Module Environment page, do the following for the first five parameters:
-
Interface Name - In the Value box, confirm it is set to the Ethernet adapter you selected in step 6b.
-
Destination Address - Double-click the Value box. In the MAC Address Finder dialog, enter the IPv4 Address of the DUT router, and then select Find. The MAC Address box will refresh and display the MAC address of the router. Select OK. You can also leave default value 01:80:C2:00:00:15. This value in the IS-IS context is a multi-destination address meaning “All L2 Intermediate Systems.”
-
Source Address - Double-click the Value box. In the MAC Address Finder dialog, enter the IPv4 Address of the beSTORM computer and then select Find. The MAC Address box will refresh and display the MAC address of the beSTORM computer. Select OK.
-
Optionally, you can adjust the remaining parameters to further refine IS-IS fuzzing with beSTORM.
-
-
Select Next.
-
On the Test Selection page, select the IS-IS request types you want to fuzz.
-
Select Next.
-
On the Extra Configuration page, do the following:
-
Select the ARP Echo and ICMP Echo checkboxes.
-
Set the Monitored IP Address to the router's IP Address. Leave all other parameters to their default setting.
-
-
Select Next.
-
On the Complete beSTORM wizard page, select Finish to begin fuzzing, or clear the Auto-start beSTORM scan now checkbox to run the test later.
-
Once your test begins, if an exception occurs (that is, an attack was successful), a message will appear in an Exception Information dialog informing you that the router is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.
-
When fuzzing is complete, select Report > Generate Report from the beSTORM Client to generate a more comprehensive report of your Configuration page.