It’s like one of those expansive diner menus where you can order everything from scrambled eggs to moo shu pork.Įven so, you will sometimes have to test a piece of software that Defensics does not already have an appropriate test suite for. Maybe it is a proprietary protocol or something relatively obscure. Regardless, the Defensics SDK allows you to harness the power of Defensics to create test suites for any type of data. In this article, I’ll walk through how easy it is to create such a test suite. I won’t cover the basics of setting up and using the Defensics SDK. For that information, consult the documentation. This article will highlight how to start modeling a custom protocol. Our target: bzfsįor this example, our target software will be the server component of an open source tank battle game, BZFlag. BZFlag supports multiplayer games, where all players connect to a central server, bzfs. It is well known that BZFlag has serious security flaws in its design. In particular, BZFlag clients are given much of the power in determining the course of gameplay. For example, the BZFlag client is responsible for reporting when it has been hit by a bullet and has blown up. Obviously, modified BZFlag clients can cheat widely and creatively. By modifying the source code, it is possible to create tanks that never die, tanks that hop like frogs, and more. Our investigation here is not about application design vulnerabilities. Instead, we will focus on how the clients and game server communicate: via a proprietary network protocol carried on top of standard TCP connections and UDP datagrams. We won’t worry about the UDP messages during gameplay but will instead focus on the TCP-based negotiation when BZFlag clients join a server. The protocol is documented on a page that loudly proclaims its own inaccuracy. Here is part of a conversation between a client (red) and a server (blue): However, between this page and a capture of actual network traffic, we have enough information to model part of the protocol with the Defensics SDK. After the client establishes a TCP connection to the server, it sends a client hello message and expects a server hello in response. This is simple to model in BNF: CR = 0x0D # US-ASCII CR, carriage return (13)LF = 0x0A # US-ASCII LF, linefeed (10)CRLF = (CR LF)ClientHello = ('BZFLAG' CRLF CRLF) The client hello is simply the string “BZFLAG” followed by two sets of carriage return and line feed. The server responds with a hello message containing a four-digit version number. It’s not clear what terminates the server hello the protocol page says 0xFF, but the network capture shows a 0x00. We’ll build the model to handle either terminator.A real-time strategy game of ancient warfareĠ A.D. How will you meet needs through racks, cable management, and security? Again, get outside help if you feel overwhelmed.Is a real-time strategy (RTS) game of ancient warfare. Ask your IT team questions to help them in planning your server room setup.This step alone can be a burden for businesses, but it’s one you must do before you shop for your equipment. Go over the specs for your server room in advance, including any windows, backup power, and cooling systems that will keep your equipment safe.An outside consultant may also bring new concerns to light that you didn’t consider, such as whether you need a newly designed internet connection infrastructure. You may want to work with a third-party expert to go over other needs, such as RAID, hot-swappable drive bays, CPU, power supply options, and hardware redundancy. Now you have the minimum spec requirements for most parts – start there.Add them together to get the average capacity for when you server shop, then add 20% for peak usage spikes. Record the results and note the high and low estimates of what you’ll need for each program or application.You can find some calculators from various server businesses that will help you understand the resources necessary to run various programs at the capacity of your business. Take the list of applications you put together in Step 2 and do further research on each application.How can you know the parts you pick will be up to the tasks? You can estimate some resource needs in advance with these steps.
0 Comments
Leave a Reply. |