In this talk summary, the author reviews the traditional fuzzing methodologies that have previously been applied to TCP/IP stacks and highlights their limitations. The author then introduces a new approach that fuzzes over an active network connection. Rather than building a custom TCP/IP stack, the author explores alternative strategies such as embedding hooks in the Linux kernel and using userland TCP/IP stacks like PyTCP, Netstack, and PicoTCP. PicoTCP is particularly emphasized for its role in the state fuzzing methodology. The author also describes the development of a powerful fuzzer for identifying vulnerabilities in the TCP/IP stack and highlights the tangible results and achievements of the project. The content concludes with a Q&A session that encourages participants to explore TCP/IP stack fuzzing and its impact on network security further.
https://events.ccc.de/congress/2023/hub/en/event/fuzzing_the_tcp_ip_stack/