timothy from the read-among-the-lines dept.
Effugas writes "After pushing OpenSSH
to perform feats of secure tunneling far beyond what I ever expected it could
do, it became clear that some genuinely useful modes of network operation were
simply inaccessable without either replacing or manipulating core network protocols.
Since the basic infrastructure of the Internet isn't likely to change any time
soon, that left...creative manipulation and reconstruction of the Lingua Reseaux:
TCP/IP. Taking advantage of expectations,
pitting layers against eachother, finding new uses for old options and data fields -- instead of simply
unleashing the latest incarnation of some "Ping of Death", could such work
unveil hidden functionality within existing networks? As I discussed at
Black Hat 2002 and the inimitable
Defcon X, the answer is yes. And now,
proof of this is ready. BSD Licensed (in deference to the very source of TCP/IP),
The Paketto Keiretsu, Version 1.0,
is a collection of five interwoven
"proof of concepts" that explore, extract, and expose previously
untapped capacities embedded deep within networks and their stacks, at Layers 2 through 4.
The five --
and the OpenQVIS
cross-disciplinary-a-go-go phentropy --
demonstrate Stateless TCP Scanning, Inverse SYN Cookies, Guerrila Multicast, Parasitic Tracerouting, Ethernet Trailer
Cryptography, and quite a bit more. (For details, stop by DoxPara Research
or check out the latest slides. The academic paper is coming "soon".)
In terms of actual usefulness, scanrand is no
nmap, but it's still interesting: During an authorized test inside a multinational corporation's class B,
scanrand detected 8300 web servers across 65,536 addresses. Time elapsed: approximately 4 seconds."
To restore a sense of reality, I think Walt Disney should have a Hardluckland.
-- Jack Paar