5th Feb 2003 [SBWID-5970]
COMMAND
	Block-Based Protocol Analysis
SYSTEMS AFFECTED
	n/a
PROBLEM
	- see below - and RPC locator recent advisory
SOLUTION
	Dave Aitel of Immunity, Inc. announces:
	
	 http://www.immunitysec.com/
	
	Immunity, Inc. is proud to announce both a new paper on SPIKE and
	related fuzzing technology, and the release of SPIKE 2.8. Both are
	available from http://www.immunitysec.com/spike.html . SPIKE is a
	full-featured network protocol analysis toolkit, written in C, and
	released under the GNU Public License (GPL).
	
	The most obvious change to SPIKE 2.8 is the inclusion of a DCE-RPC over
	named pipe fuzzer.
	
	The abstract of the paper is below. It should be noted that the paper
	contains not only detailed information on how to detect the RPC Locator
	vulnerability with SPIKE, but also several other vulnerabilities in
	Windows 2000 that were discovered as part of this testing. (For a
	binary of one of them, try http://www.immunitysec.com/downloads/plonk ).
	
	The Advantages of Block-Based Protocol Analysis for Security Testing
	
	Abstract. This paper describes an effective method for black-box
	testing of unknown or arbitrarily complex network protocols for common
	problems relating to the security of a program or system. By
	introducing a block-based method for taking advantage of all known
	factors in a network protocol, and delimiting the effect of all unknown
	factors, the potential space of inputs to a program can be reduced
	intelligently by a tester, compensating for incomplete knowledge of the
	target's implementation or design.