Summary
The three fuzzing tools presented here offer an insight into fuzzing techniques. Their function is certainly limited. There are also plenty of other fuzzing tools which run under Windows and Linux for many network protocols, file types and applications. Some have user friendly interfaces, while others can only be run from the command line with a string of parameters - the latter generally offering more flexibility than GUI tools.
Fuzzing frameworks such as Smudge and Spikefile are generally more adaptable, but have a steeper learning curve. Anyone interesting in learning more about the theoretical basis of fuzzing should find what they are looking for in the article "Datensalat" ("Data spaghetti") starting on page 210 of c't 18/06.
Fuzzing tools offer both security specialists and developers an opportunity to detect potential security vulnerabilities. However, security mailing lists are already overflowing with bug reports in which, without any reflection or further analysis, every program crash in a fuzzing test is immediately categorised as a security problem. Crashes as a result of DoS attacks are indeed a potential security problem, but they are often simply assumed to offer opportunities for remote code execution. For security personnel and administrators, this will make it increasingly difficult in future to distinguish between genuinely critical and less harmful vulnerabilities. (dab)
[1] AxMan
[2] FTPStress Fuzzer
[4] Vulnerability Summary for the Week of May 1, 2006, bug report from US CERT
[4] FileFuzzer
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
