Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release
Effugas writes "After pushing OpenSSH
to perform feats of secure tunneling far beyond what I ever expected it could
do, it became clear that some genuinely useful modes of network operation were
simply inaccessible without either replacing or manipulating core network protocols.
Since the basic infrastructure of the Internet isn't likely to change any time
soon, that left...creative manipulation and reconstruction of the Lingua Reseaux:
TCP/IP. Taking advantage of expectations,
pitting layers against each other, finding new uses for old options and data fields -- instead of simply
unleashing the latest incarnation of some "Ping of Death", could such work
unveil hidden functionality within existing networks? As I discussed at
Black Hat 2002 and the inimitable
Defcon X, the answer is yes. And now,
proof of this is ready. BSD Licensed (in deference to the very source of TCP/IP),
The Paketto Keiretsu, Version 1.0,
is a collection of five interwoven
"proof of concepts" that explore, extract, and expose previously
untapped capacities embedded deep within networks and their stacks, at Layers 2 through 4.
The five -- scanrand, minewt, lc (linkcat), paratrace, and the OpenQVIS cross-disciplinary-a-go-go phentropy --
demonstrate Stateless TCP Scanning, Inverse SYN Cookies, Guerrilla Multicast, Parasitic Tracerouting, Ethernet Trailer
Cryptography, and quite a bit more. (For details, stop by DoxPara Research
or check out the latest slides. The academic paper is coming "soon".)
In terms of actual usefulness, scanrand is no
nmap, but it's still interesting: During an authorized test inside a multinational corporation's class B,
scanrand detected 8300 web servers across 65,536 addresses. Time elapsed: approximately 4 seconds."
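The stateless scan described in the submission works by encoding everything the scanner would otherwise have to remember into the SYN itself: the initial sequence number is a keyed hash of the target address and port (the "inverse SYN cookie"), so a SYN/ACK or RST can be matched to a probe, and a forged reply rejected, without any per-probe table. The following is an added example, not code from the post or from the Paketto Keiretsu: a Python model of that bookkeeping that builds probe fields, classifies constructed replies, and estimates the responder's hop count passively from its TTL. It sends no packets; the HMAC-SHA256 construction, the per-run random secret, and the sample replies are assumptions of this example, not scanrand's actual internals.

```python
"""Inverse SYN cookies for stateless TCP scanning (illustrative model, not scanrand's code).

The scanner keeps no per-probe state.  Each SYN carries an initial sequence
number derived from (target IP, target port, our source port) under a per-run
secret.  A reply is genuine only if its acknowledgement number equals that
value plus one, so replies can be classified, and forged or stale ones
rejected, without remembering what was sent.
"""
import hashlib
import hmac
import ipaddress
import os
import struct

# TCP flag bits as they appear in the header's flags byte.
SYN, RST, ACK = 0x02, 0x04, 0x10


def syn_cookie(secret: bytes, target_ip: str, target_port: int, src_port: int) -> int:
    """Derive the 32-bit ISN for a probe.  HMAC-SHA256 truncated to 32 bits is an
    assumption of this example; the page does not show scanrand's exact hash."""
    msg = ipaddress.IPv4Address(target_ip).packed + struct.pack("!HH", target_port, src_port)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def build_probe(secret: bytes, target_ip: str, target_port: int, src_port: int = 40000) -> dict:
    """Fields of an outgoing SYN.  Nothing about it is stored after it is sent."""
    return {"dst_ip": target_ip, "dst_port": target_port, "src_port": src_port,
            "flags": SYN, "seq": syn_cookie(secret, target_ip, target_port, src_port)}


def classify_reply(secret: bytes, reply: dict) -> str:
    """Classify a captured TCP segment addressed to the scanner.

    reply: dict with src_ip, src_port, dst_port, flags, ack, ttl as parsed from
    the wire.  Returns 'open', 'closed', 'unsolicited' or 'other'.
    """
    expected = syn_cookie(secret, reply["src_ip"], reply["src_port"], reply["dst_port"])
    if (reply["ack"] - 1) & 0xFFFFFFFF != expected:
        # ack does not match the ISN our SYN to that host:port must have carried:
        # a forged reply, someone else's scan, or a reply from an earlier run.
        return "unsolicited"
    if reply["flags"] & (SYN | ACK) == (SYN | ACK):
        return "open"
    if reply["flags"] & RST:
        return "closed"
    return "other"


def estimate_hops(ttl: int) -> int:
    """Passive hop-count estimate: assume the sender started from the nearest
    common initial TTL (64, 128 or 255) at or above the value observed."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial - ttl
    return 0


def demo() -> dict:
    """Run the model over three constructed replies (sample data, not a capture)."""
    secret = os.urandom(16)  # per-run key; rotating it invalidates replies from older runs
    probe_open = build_probe(secret, "10.0.0.5", 80)
    probe_closed = build_probe(secret, "10.0.0.6", 81)

    genuine = {"src_ip": "10.0.0.5", "src_port": 80, "dst_port": probe_open["src_port"],
               "flags": SYN | ACK, "ack": (probe_open["seq"] + 1) & 0xFFFFFFFF, "ttl": 59}
    closed = {"src_ip": "10.0.0.6", "src_port": 81, "dst_port": probe_closed["src_port"],
              "flags": RST | ACK, "ack": (probe_closed["seq"] + 1) & 0xFFFFFFFF, "ttl": 123}
    # Same host and ports as the genuine reply, but an ack that cannot have come
    # from our SYN: the stateless check rejects it without any lookup.
    forged = {**genuine, "ack": (probe_open["seq"] + 12345) & 0xFFFFFFFF}

    return {"genuine": classify_reply(secret, genuine),
            "closed": classify_reply(secret, closed),
            "forged": classify_reply(secret, forged),
            "hops": estimate_hops(genuine["ttl"])}


if __name__ == "__main__":
    print(demo())
```

Because the cookie is recomputable from the reply's own addressing, the scanner can emit probes at line rate and process whatever comes back whenever it arrives; the same property is what makes a stray SYN/ACK from an unrelated host harmless, since its ack will not verify. Rotating the secret between runs keeps late replies from one scan from being counted in the next.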
...wha? (Score:3, Funny)
Anyone here want to sum it up IN PLAIN ENGLISH, without involving beowulf clusters or "Profit!"?
I'm soo dumb (Score:5, Funny)
*sigh*... I'm important! I swear...
Re:Go Dan! =) (Score:5, Funny)
Makes me happy I just got laid off (Score:3, Funny)
2. I don't have to worry about someone doing it to me.
Is anyone working on SNORT signatures for this stuff?
Re:...wha? (Score:4, Funny)
2. Detect thousands of networks in seconds.
3. ?????
4. Profit!
So what is it? (Score:5, Funny)
Hmm, let me guess: you have to compile this as root; after that it will give "proof of concept" to the Black Hat 2002 people that indeed there are previously untapped capacities deep within my server, somewhere remotely hidden on the outer reaches of my port range?
Alex, I can scan that net in 30ms. (Score:4, Funny)
ping 160.1.255.255
Duck and cover, here comes the smurf...
Re:...wha? (Score:4, Funny)
Re:Go Dan! =) (Score:3, Funny)
A Monty Python nerd?
So with this utility program (Score:3, Funny)
Re:translation (Score:5, Funny)
Slightly different?
Yeah, and a cellphone is just like two cans and some string, only slightly more useful.
There are some seriously funky tools in there - check them out.
no, no, this IS revolutionary! (Score:3, Funny)
basically, this guy found a way to say "i will die alone" in over five hundred words, including the words "link layer" and "phentropy".
Re:Go Dan! =) (Score:0, Funny)
I can attest that he didn't touch me ONCE that entire year.
He's touching me now, though. Thanks slashdot!
Re:Makes me happy I just got laid off (Score:1, Funny)
1. I have plenty of time to play with it.
2. I don't have to worry about someone doing it to me.
Shit, even the gay porn industry is laying people off these days?
Ping of Death! (Score:2, Funny)
Re:Nano Prob Technology? (Score:4, Funny)
If it didn't support stateless tracerouting w/ passive hopcount detection and split mode operation, I'd almost be too embarrassed to release it.
--Dan