lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 01 Apr 2008 08:05:59 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: bugtraq@...urityfocus.com
Subject: TCP/IP security vulnerability disclosed

Infiltrated Networks Vulnerability Disclosure
TCP/IP is broken

Overview TCP/IP

Transmission Control Protocol/Internet Protocol is the basic 
communication language or protocol of the Internet. It can also be used 
as a communications protocol in a private network (either an intranet or 
an extranet). When you are set up with direct access to the Internet, 
your computer is provided with a copy of the TCP/IP program just as 
every other computer that you may send messages to or get information 
from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control 
Protocol, manages the assembling of a message or file into smaller 
packets that are transmitted over the Internet and received by a TCP 
layer that reassembles the packets into the original message. The lower 
layer, Internet Protocol, handles the address part of each packet so 
that it gets to the right destination. Each gateway computer on the 
network checks this address to see where to forward the message. Even 
though some packets from the same message are routed differently than 
others, they'll be reassembled at the destination.

I. Description

TCP/IP uses the client/server model of communication in which a computer 
user (a client) requests and is provided a service (such as sending a 
Web page) by another computer (a server) in the network. TCP/IP 
communication is primarily point-to-point, meaning each communication is 
from one point (or host computer) in the network to another point or 
host computer.

By disconnecting the client between a connection, the server can no 
longer reach its destination thus breaking TCP/IP.

II. Impact

A remote or local attacker can unplug an ethernet cable, unplug a switch 
or router or bring down an interface and disrupt TCP/IP services.

III. Solution

We are currently working to develop and implement a new RFC labeled 
TCP/IP HOKE - Transmission Control Protocol/Internet Protocol Hamster 
Operated Kintec Energy.

TCP/IP HOKE will allow hamsters to act as a medium between an end users 
failed equipment (RJ45, Routers, etal).

http://www.infiltrated.net/spx/HOKE.jpg

It is unnecessary to use relativistic mechanics (the theory of 
relativity as expounded by Albert Einstein) to calculate the kinetic 
energy created by little hamsters. We just know that if those fuzzy 
little rats run fast enough, they can generate enough kinetic energy for 
a brief duration of time. Long enough perhaps for an end user to replace 
an ethernet cable, reboot a router, etal.

Systems Affected
Every interconnected computer on the planet.

Credit:
Si4gT3F1ZW5kbyBzaWxAaW5maWx0cmF0ZWQubmV0Cg==

This document was written by an undercaffeinated engineer.
http://www.infiltrated.net/TCP-IP-HOKE.pimp

If you have feedback, comments, or additional information about this 
vulnerability, please keep them to yourself.


-- 
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5533 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ