Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release
Effugas writes "After pushing OpenSSH
to perform feats of secure tunneling far beyond what I ever expected it could
do, it became clear that some genuinely useful modes of network operation were
simply inaccessible without either replacing or manipulating core network protocols.
Since the basic infrastructure of the Internet isn't likely to change any time
soon, that left...creative manipulation and reconstruction of the Lingua Reseaux:
TCP/IP. Taking advantage of expectations,
pitting layers against each other, finding new uses for old options and data fields -- instead of simply
unleashing the latest incarnation of some "Ping of Death", could such work
unveil hidden functionality within existing networks? As I discussed at
Black Hat 2002 and the inimitable
Defcon X, the answer is yes. And now,
proof of this is ready. BSD Licensed (in deference to the very source of TCP/IP),
The Paketto Keiretsu, Version 1.0,
is a collection of five interwoven
"proof of concepts" that explore, extract, and expose previously
untapped capacities embedded deep within networks and their stacks, at Layers 2 through 4.
The five --
scanrand,
minewt,
lc
(
linkcat
),
paratrace,
and the OpenQVIS
cross-disciplinary-a-go-go phentropy --
demonstrate Stateless TCP Scanning, Inverse SYN Cookies, Guerrilla Multicast, Parasitic Tracerouting, Ethernet Trailer
Cryptography, and quite a bit more. (For details, stop by DoxPara Research
or check out the latest slides. The academic paper is coming "soon".)
In terms of actual usefulness, scanrand is no
nmap, but it's still interesting: During an authorized test inside a multinational corporation's class B,
scanrand detected 8300 web servers across 65,536 addresses. Time elapsed: approximately 4 seconds."
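The "Stateless TCP Scanning" and "Inverse SYN Cookies" named above can be shown in a few dozen lines. This is an added example, not scanrand's own code: the scanner derives each probe's initial sequence number as a keyed hash of (target IP, target port, source port), so it keeps no table of outstanding probes; any SYN/ACK or RST that comes back must carry ISN+1 in its ACK field, and that single check both matches the reply to a probe and rejects forged or stale packets. The hash construction (HMAC-SHA256 truncated to 32 bits), the `SECRET`, the fixed source port and the sample replies are all assumptions constructed for the demo.

```python
import hashlib
import hmac
import ipaddress
import struct

# TCP flag bits, as laid out in the TCP header's flags byte.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# Assumed per-scan secret (constructed for this demo). A real scanner would
# draw it from os.urandom() at start-up so observers cannot forge valid replies.
SECRET = b"example-scan-secret"


def syn_cookie(dst_ip: str, dst_port: int, src_port: int, secret: bytes = SECRET) -> int:
    """Initial sequence number for a probe SYN to dst_ip:dst_port from src_port.

    The ISN is a keyed hash of the probe's identity, so the sender keeps no
    per-probe state: whatever answers must echo ISN+1 in its ACK field.
    """
    msg = ipaddress.ip_address(dst_ip).packed + struct.pack("!HH", dst_port, src_port)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def classify_reply(src_ip: str, src_port: int, dst_port: int, flags: int, ack: int,
                   secret: bytes = SECRET):
    """Classify one reply packet. Fields are the reply's own (source is the
    scanned host), i.e. swapped relative to the probe that elicited it.

    Returns 'open', 'closed', 'forged' (ACK does not match any probe we could
    have sent: spoofed, stale, or a cookie collision) or None (unrecognised flags).
    """
    expected = (syn_cookie(src_ip, src_port, dst_port, secret) + 1) & 0xFFFFFFFF
    if ack != expected:
        return "forged"
    if flags & SYN and flags & ACK:
        return "open"       # SYN/ACK: a listener accepted our SYN
    if flags & RST:
        return "closed"     # RST/ACK: host alive, nothing listening on that port
    return None


def scan_replies(replies, secret: bytes = SECRET):
    """Run the verifier over a batch of (src_ip, src_port, dst_port, flags, ack)
    tuples and return a list of (host, port, verdict)."""
    return [(ip, sport, classify_reply(ip, sport, dport, flags, ack, secret))
            for ip, sport, dport, flags, ack in replies]


SRC_PORT = 40000  # the fixed local port every probe is sent from (assumption)

# Constructed sample replies, as a packet capture of the answers would show them:
SAMPLE_REPLIES = [
    # 10.0.0.5:80 answered SYN/ACK with the right ACK -> open
    ("10.0.0.5", 80, SRC_PORT, SYN | ACK,
     (syn_cookie("10.0.0.5", 80, SRC_PORT) + 1) & 0xFFFFFFFF),
    # 10.0.0.6:22 answered RST/ACK with the right ACK -> closed
    ("10.0.0.6", 22, SRC_PORT, RST | ACK,
     (syn_cookie("10.0.0.6", 22, SRC_PORT) + 1) & 0xFFFFFFFF),
    # 10.0.0.7:443 sent a SYN/ACK whose ACK matches no probe of ours -> forged
    ("10.0.0.7", 443, SRC_PORT, SYN | ACK,
     (syn_cookie("10.0.0.7", 443, SRC_PORT) + 2) & 0xFFFFFFFF),
]

if __name__ == "__main__":
    for host, port, verdict in scan_replies(SAMPLE_REPLIES):
        print(f"{host}:{port} -> {verdict}")
```

Because the verifier needs only the secret and the reply packet, the sending and listening halves share no state at all; that is what lets the sender blast a class B at line rate and the listener sort the answers afterwards, and why the two can run as separate processes or even on separate hosts. The cost is that the secret must stay private for the duration of the scan, since anyone who learns it can manufacture "open" verdicts for ports that never answered.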
...how I wish Babel Fish would have a Geek->English translation option...
Anyone here want to sum it up IN PLAIN ENGLISH, without involving beowulf clusters or "Profit!"?
How come I go through my day feeling my little code is so smart until I log in to Slashdot and read about C-level hacking of the core infrastructure of the internet by gods on human thrones and feel like a little 1st grader who has to deliver a note to a sixth grade teacher and marvels at the complex stuff on the chalk board....
*sigh*... I'm important! I swear...
Bruce Werner http://www.kidventus.com
I was the girlfriend of this guy for three years and can attest he spent them neglecting me and only fooling around with his computer thingies.
1. I have plenty of time to play with it.
2. I don't have to worry about someone doing it to me.
Is anyone working on SNORT signatures for this stuff?
The Paketto Keiretsu, Version 1.0, is a collection of five interwoven "proof of concepts" that explore, extract, and expose previously untapped capacities embedded deep within networks and their stacks, at Layers 2 through 4.
;)
Hmm let me guess you have to compile this as root, after that it will give "proof of concept" to the black hat 2002 people that indeed there are previously untapped capacities deep within my server, somewhere remotely hidden on the outer reaches of my port range?
Let's see...
ping 160.1.255.255
Duck and cover, here comes the smurf...
A Monty Python nerd?
Any sufficiently well-organized community is indistinguishable from Government.
I can haxor the Gibson and become 3l33t
he wrote some new tools that are like the tools we already have but implemented in a slightly different way
Slightly different?
Yeah, and a cellphone is just like two cans and some string, only slightly more useful.
There are some seriously funky tools in there - check them out.
basically, this guy found a way to say "i will die alone" in over five hundred words, including the words "link layer" and "phentropy".
I'm this guy's cock. Still am (duh).
I can attest that he didn't touch me ONCE that entire year.
He's touching me now, though. Thanks slashdot!
He who sendith the Ping of Death must answer thee these packets three. Ere the other router he see...
"Dancing is the vertical expression of a horizontal desire" --Robert Frost
I don't get it :-) It's the least impressive work I've done, but it's what everyone talks about, and then everyone says it's not so technically impressive... well duh :-)
If it didn't support stateless tracerouting w/ passive hopcount detection and split mode operation, I'd almost be too embarrassed to release it.
--Dan