ICCP Test Tools
The iccpsic test tools are a set of fuzzers for a portion of the protocol stack commonly used by utility protocols such as ICCP and UCA. The tools test error handling for different fields in selected protocols of the utility stack by sending pseudo random data.
The iccpsic tools were used to identify vulnerabilities in popular ICCP server stacks including some of the vulnerabilities responsibly disclosed to US-CERT. The tools are made available only to vetted asset owner subscribers, with rare exceptions.
Asset owners should consider using the tools to:
- Identify if the ICCP stack in use is vulnerable due to missing patches. Many vendors who are implementing known vulnerable stacks and private labeling the solution are not notifying their customers of the vulnerability and patch availability.The output from the tools and packet captures can be provided to the affected vendor to help spur them into action.
- Test new versions or untested ICCP servers. Digital Bond has tested selected versions of the most popular ICCP stacks, but we have limited access to the population of ICCP stacks. Asset owners may have an untested stack that may suffer from the same vulnerability as the tested stacks. Digital Bond encourages vendors to disclose any identified vulnerabilities to US-CERT and the vendor. Digital Bond will assist the asset owner in responsible disclosure if assistance is requested.
Download the iccpsic tool set.
Request Vetted Subscriber Status
