Open Source and information security mailing list archives
 
From: memetic-engineer at australia.edu (memetic-engineer@...tralia.edu)
Subject: remote kernel exploits?


>Given the skill required to craft such an exploit, I'd think it
>would be way out of the grasp of the kids. Since no researcher has
>come forth with such a vulnerability, it's logical to conclude that
>this does not exist.
>The bugs are said to have something to do with integer manipulation in
>the kernels' TCP/IP stacks. That's all he was able to offer me, but was
>very forward in saying that he has full confidence based on
>conversations with others that these bugs do indeed exist.


I would hope so. Unsigned integer manipulation | TCP/IP steganography is not a new idea. Does this look familiar?
#phrend 1
18:50:29.071117 ryan.blueboar.com.7350 > poor.theo.com.www: S
 1207959552:1207959552(0)
win 512 (ttl 64, id 49408)

Decoding:... S 1207959552/16777216 [ASCII: 72(H)]


#phrend 2

18:50:30.071117 ryan.blueboar.com.7351 > poor.theo.com.www: S
 1157627904:1157627904(0)
win 512 (ttl 64, id 47616)

Decoding:... S 1157627904/16777216 [ASCII: 69(E)]

#phrend 3


18:50:31.071117 ryan.blueboar.com.7353 > poor.theo.com.www: S
 1275068416:1275068416(0)
win 512 (ttl 64, id 41984)

Decoding:... S 1275068416/16777216 [ASCII: 76(L)]

#phrend 4

18:50:32.071117 ryan.blueboar.com.7354 > poor.theo.com.www: S
 1275068416:1275068416(0)
win 512 (ttl 64, id 7936)

Decoding:... S 1275068416/16777216 [ASCII: 76(L)]

#phrend 5

18:50:33.071117 ryan.blueboar.com.7355 > poor.theo.com.www: S
 1325400064:1325400064(0)
win 512 (ttl 64, id 3072)

Decoding:... S 1325400064/16777216 [ASCII: 79(O)]

#phrend 6

18:50:34.071117 ryan.blueboar.com.7356 > poor.theo.com.www: S
 167772160:167772160(0)
win 512 (ttl 64, id 54528)

Decoding:... S 167772160/16777216 [ASCII: 10(Carriage Return)]

4,294,967,296 numbers can be stored in a 32 bit address space. Sequence number is a nice place to hide data.

I'm sure some clever katz have made improvements on this and other techniques.

Who knows though. I could be way off base.
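
Added example, not part of the original message: a defender's check, in Python, for the pattern in the capture above. It parses tcpdump SYN lines, flags source/destination pairs whose initial sequence numbers are repeatedly exact multiples of 16777216 (2^24), and recovers the byte carried in the top 8 bits. The sample input is built from the lines quoted above (wrapped lines joined) plus one constructed ordinary SYN; the function names and the `min_run` threshold are assumptions.

```python
import re

# Constructed sample: the six SYNs quoted in the message (wrapped lines joined)
# plus one constructed SYN with an ordinary-looking sequence number.
SAMPLE = """\
18:50:29.071117 ryan.blueboar.com.7350 > poor.theo.com.www: S 1207959552:1207959552(0) win 512 (ttl 64, id 49408)
18:50:30.071117 ryan.blueboar.com.7351 > poor.theo.com.www: S 1157627904:1157627904(0) win 512 (ttl 64, id 47616)
18:50:31.071117 ryan.blueboar.com.7353 > poor.theo.com.www: S 1275068416:1275068416(0) win 512 (ttl 64, id 41984)
18:50:32.071117 ryan.blueboar.com.7354 > poor.theo.com.www: S 1275068416:1275068416(0) win 512 (ttl 64, id 7936)
18:50:33.071117 ryan.blueboar.com.7355 > poor.theo.com.www: S 1325400064:1325400064(0) win 512 (ttl 64, id 3072)
18:50:34.071117 ryan.blueboar.com.7356 > poor.theo.com.www: S 167772160:167772160(0) win 512 (ttl 64, id 54528)
18:50:35.102233 host-a.example.net.40112 > poor.theo.com.www: S 2886794753:2886794753(0) win 5840 (ttl 64, id 1201)
"""

# tcpdump text form: time, src.port > dst.port: S isn:isn(0) ...
SYN_RE = re.compile(r"^\S+ (?P<src>\S+) > (?P<dst>[^:\s]+): S (?P<isn>\d+):\d+\(0\)")


def parse_syns(text):
    """Yield (src_host, dst, isn) for every SYN line; other lines are skipped."""
    for line in text.splitlines():
        m = SYN_RE.match(line)
        if m:
            src_host = m["src"].rsplit(".", 1)[0]  # drop the changing source port
            yield src_host, m["dst"], int(m["isn"])


def find_covert_isn(text, min_run=3):
    """Map (src_host, dst) -> decoded bytes for flows with at least min_run SYNs
    whose ISN has all 24 low bits zero (chance of 1 in 2**24 per random ISN)."""
    flows = {}
    for src, dst, isn in parse_syns(text):
        flows.setdefault((src, dst), []).append(isn)
    findings = {}
    for key, isns in flows.items():
        hits = [i for i in isns if i & 0xFFFFFF == 0]
        if len(hits) >= min_run:
            # Same arithmetic as the "Decoding" lines: ISN / 16777216
            findings[key] = bytes(i >> 24 for i in hits)
    return findings


if __name__ == "__main__":
    for (src, dst), payload in find_covert_isn(SAMPLE).items():
        print(f"{src} -> {dst}: {len(payload)} suspicious SYNs, payload {payload!r}")
```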
