Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release
Effugas writes "After pushing OpenSSH
to perform feats of secure tunneling far beyond what I ever expected it could
do, it became clear that some genuinely useful modes of network operation were
simply inaccessible without either replacing or manipulating core network protocols.
Since the basic infrastructure of the Internet isn't likely to change any time
soon, that left...creative manipulation and reconstruction of the Lingua Reseaux:
TCP/IP. Taking advantage of expectations,
pitting layers against each other, finding new uses for old options and data fields -- instead of simply
unleashing the latest incarnation of some "Ping of Death", could such work
unveil hidden functionality within existing networks? As I discussed at
Black Hat 2002 and the inimitable
Defcon X, the answer is yes. And now,
proof of this is ready. BSD Licensed (in deference to the very source of TCP/IP),
The Paketto Keiretsu, Version 1.0,
is a collection of five interwoven
"proof of concepts" that explore, extract, and expose previously
untapped capacities embedded deep within networks and their stacks, at Layers 2 through 4.
The five -- scanrand, minewt, lc (linkcat), paratrace, and the OpenQVIS cross-disciplinary-a-go-go phentropy --
demonstrate Stateless TCP Scanning, Inverse SYN Cookies, Guerrilla Multicast, Parasitic Tracerouting, Ethernet Trailer
Cryptography, and quite a bit more. (For details, stop by DoxPara Research
or check out the latest slides. The academic paper is coming "soon".)
In terms of actual usefulness, scanrand is no
nmap, but it's still interesting: During an authorized test inside a multinational corporation's class B,
scanrand detected 8300 web servers across 65,536 addresses. Time elapsed: approximately 4 seconds."
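The "Stateless TCP Scanning" and "Inverse SYN Cookies" named above are the mechanism that lets scanrand fire probes without keeping a table of what it sent: the SYN's initial sequence number is a keyed hash of the target address and port, and a reply is recognised purely because its acknowledgement number equals that hash plus one. The following is an added illustration of that idea, not scanrand's own code and not part of the submission; the secret, the TEST-NET-1 address, the port list and the in-memory "target" that answers the probes are all constructed for the example, and no packets are put on the wire.

```python
"""Stateless TCP scanning with an 'inverse SYN cookie' (added example).

Instead of remembering every probe it sent, the scanner derives the SYN's
initial sequence number from a keyed hash of the destination (IP, port).
A genuine reply acknowledges cookie + 1, so the scanner can classify an
incoming segment from the segment alone, with no per-probe state.
Packets are built in memory only; nothing is transmitted.
"""
import hashlib
import hmac
import ipaddress
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def make_cookie(secret: bytes, dst_ip: str, dst_port: int) -> int:
    """32-bit ISN = first 4 bytes of HMAC-SHA256(secret, dst_ip || dst_port).

    The per-scan secret stops third parties from forging replies that
    pass the check; the scanner needs only the secret, not a probe table.
    """
    msg = ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def build_tcp_header(src_port, dst_port, seq, ack, flags) -> bytes:
    """Minimal 20-byte TCP header; checksum left zero since nothing is sent."""
    data_offset = 5 << 4  # header length 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, 65535, 0, 0)


def parse_tcp_header(hdr: bytes) -> dict:
    f = struct.unpack("!HHIIBBHHH", hdr[:20])
    return {"sport": f[0], "dport": f[1], "seq": f[2], "ack": f[3], "flags": f[5]}


def build_probe(secret, src_port, dst_ip, dst_port) -> bytes:
    """SYN whose sequence number is the cookie for (dst_ip, dst_port)."""
    return build_tcp_header(src_port, dst_port,
                            make_cookie(secret, dst_ip, dst_port), 0, TCP_SYN)


def classify_reply(secret, reply_src_ip, reply_hdr) -> str:
    """Interpret an incoming segment without any per-probe state.

    reply_src_ip is the IP-layer source (the host we probed) and the TCP
    source port is the port we probed; together they regenerate the cookie.
    """
    p = parse_tcp_header(reply_hdr)
    expected_ack = (make_cookie(secret, reply_src_ip, p["sport"]) + 1) & 0xFFFFFFFF
    if p["ack"] != expected_ack:
        return "unsolicited"          # stale, spoofed, or simply not ours
    if p["flags"] & TCP_SYN and p["flags"] & TCP_ACK:
        return "open"
    if p["flags"] & TCP_RST:
        return "closed"
    return "unexpected"


def simulate_target(probe_hdr: bytes, open_ports) -> bytes:
    """Constructed stand-in for a remote stack: SYN/ACK if open, RST/ACK if closed."""
    p = parse_tcp_header(probe_hdr)
    ack = (p["seq"] + 1) & 0xFFFFFFFF
    if p["dport"] in open_ports:
        return build_tcp_header(p["dport"], p["sport"], 0x12345678, ack, TCP_SYN | TCP_ACK)
    return build_tcp_header(p["dport"], p["sport"], 0, ack, TCP_RST | TCP_ACK)


def demo() -> dict:
    """Probe three ports of a constructed target, then feed in a forged reply."""
    secret = b"per-scan random secret (constructed for this example)"
    target = "192.0.2.10"  # TEST-NET-1 address, constructed
    results = {}
    for port in (22, 80, 443):
        probe = build_probe(secret, 40000, target, port)
        reply = simulate_target(probe, open_ports={80, 443})
        results[port] = classify_reply(secret, target, reply)
    # A SYN/ACK from someone who does not know the secret cannot match the cookie.
    forged = build_tcp_header(25, 40000, 0, 0xDEADBEEF, TCP_SYN | TCP_ACK)
    results["forged"] = classify_reply(secret, target, forged)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the cookie check is that the scanner's receive side never has to look anything up: a SYN/ACK or RST that does not acknowledge HMAC(secret, target, port) + 1 is dropped as noise, which is what makes it safe to send probes far faster than a stateful scanner could track them.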
When choosing to post articles, some quick things to bear in mind:
1) What the hell is he talking about?
2) No Really, I got layer 2-4 networking, I even got "TCP/IP", but what, precisely has he done that is worthy of note here?
3) Besides which, to whom is this software suite useful? Does it have exploit probing, does it simply tell you what stuff lives where? Is it something faster than normal scanning procedures?
4) Background?
All of these things could be (if you were so inclined) attached to the end of our user's posts so that those of us who are interested, but completely lost by the pure amount of jargon flying about to understand, can figure out what is going on...
On a side note,
What the hell is the general purpose of these tools, individually or as a group?
hmmmm?
"the protocols the internet uses today are not conducive to certain types of networking tasks. however, tcp/ip, one of the internet's framework protocols, has a bunch of obscure parameters and fields that can be exploited to do new things [this isn't a very new concept.] i wrote a network scanner, fake NAT client, packet sniffer, traceroute utility, and some odd visualization tool. i like big words."
basically he wrote some new tools that are like the tools we already have but implemented in a slightly different way, except these tools were heralded by an obtuse 500-word self-aggrandizing technobabbling post on slashdot.
-fren
"Where are we going, and why am I in this handbasket?"