Slashdot Mirror


User: Lumin+Inverse

Lumin+Inverse's activity in the archive.

Stories: 0 · Comments: 14

Comments · 14

  1. The Exploit on TCP Vulnerability Published · · Score: 3, Informative

    The following pseudo command will send an exploit packet:

    linverse@KOS-MOS:~/blackhat/hping2-linverse$ hping2 [victim.ipaddy] --spoof
    [server.ipaddy] --rst --baseport [server.port] --destport [rand()%65536] --setseq
    [rand()%((2^32)-1)] --sign "TCP RST Attack"

    Each packet sent in this manner has a 1/2^32 chance of succeeding. You need to guess two (effectively) 16-bit numbers: the victim's unknown open port, and the TCP sequence number (within ~16 of its 32 bits, depending on the window size). This requires something on the order of 4 billion packets to have a reasonable expectation of closing the connection. There is really no way of knowing if or when a given connection is closed, unless you're taking down routers with it, or some other observable scenario.

    I modified hping2 to spam a victim with these packets. Attempting to reset a local connection with a remote machine takes approximately 20 hours to send the requisite ~4 billion packets. Were these packets to actually travel over a network, it should slow things down significantly.

    If one had an army of zombies, then obviously the 20 hour figure can become a 20 minute, or even 20 second figure. But flooding a computer with 4 billion packets in 20 seconds will likely be at least as destructive as the actual payload, except perhaps in the case of major routers communicating over BGP.

    Interestingly enough, however, one can still cause massive damage without flooding a single router. Instead, have each of your thousands of zombies try to take down arbitrary routers (perhaps each one sends packets randomly to each known major router). This algorithm allows one to make huge amounts of guesses without saturating the connection to any given router.

    If my calculations are correct, then 10000 zombies armed with my exploit and a list of major routers could take them down at a rate of one per 7.2 seconds. At this point, we're talking about serious problems.

    Has anybody else done any field testing / analysis?

  2. Dance Dance Revolution on Videogame Injuries - The Ugly Truth · · Score: 1

    Daily 2+ hour sessions can do wonders for your skills, but also can strain muscles in your feet. I got an injury once that kept me off the game for about a week.

  3. We, The Mirrors, Need Help on Diebold Chases Links To Leaked Memos · · Score: 5, Interesting

    Hello, I'm the Boston University mirror.

    I expect that BU will receive a DMCA notice in the next day or two, and ask me to remove the memos. Although I would very much like to fight this, I simply don't have the resources to get into a legal battle (and it's doubtful BU would stick its neck out for me).

    But that's not even necessary. If I could just find two people willing to put up mirrors once my mirror goes down (I've already found one), then their takedown notice will have the net effect of putting another copy of the memos online. This seems to be the best overall strategy for those who can't fight this legally.

    If a willing mirror could email me, and let me know what the url of your mirror is, I'd really appreciate it.

    chrisn1 [at] bu [dot] edu

  4. Re:Call the FTC! on SCO: Code Proof Analyzed, Linus Interviewed · · Score: 1

    I called, and, like the other posters have already said, it's very quick + easy.

    Thanks, AC, for posting all the info.

  5. Re:Bah! on Best Videogame Endings Discussed · · Score: 1

    Our team's working on it. That's certainly one of our top priorities.

    -Chris@tfb

  6. Re:Right... on DeCSS Arguments in CA Supreme Court Case · · Score: 1

    MA doesn't restrict the sale of key duplication tools.

    I bought $20 worth back when /. reported on the ATT master key research paper, in the winter.

    PS. It worked!

  7. Re: No Go for Prism2 + HostAP on AirTraf 802.11b Security Package · · Score: 1

    Thanks for the tip, I'll have to look into that. I don't know whether the HostAP drivers support promiscuous mode, actually... Getting that card to work at ALL was a huge pain, but I'll look into the latest wlan-ng drivers...

  8. No Go for Prism2 + HostAP on AirTraf 802.11b Security Package · · Score: 2, Informative

    Here's what I get with my DWL-650 Prism2 based card:
    KOS-MOS:/home/linverse/temp/airtraf-1.0/src# airtraf

    Airtraf 1.0.0 (c)2001,2002 Elixar, Inc.
    Mode: sniffing server
    Author: Peter K. Lee All Rights Reserved

    You have (1) wireless devices configured in your system
    Found wlan0: IEEE 802.11-b on IRQ: 3, BaseAddr: 0x0100 Status: UP
    Using Driver: (hostap_cs)
    Filename: /lib/modules/2.4.20/pcmcia/hostap_cs.o
    Author: "SSH Communications Security Corp, Jouni Malinen"
    success: above driver's compatibility verified!
    Do you wish to enable monitor mode for your interface at this time? [y|n] y
    error: HostAP monitor mode incompatible with AirTraf at this time...

    Bummer

  9. AOLiza on N.Y. Times Magazine Chats With ALICE Bot Creator · · Score: 1

    Check out www.fury.com/aoliza if you want to see some amusing logs of AIM users who were fooled into believing that they were talking to real people that they knew, when they were actually talking to an AI bot, like ALICE.

  10. Disagree: Fairtunes.org on Moby Says Techie Fans = Fewer Sales · · Score: 2, Informative

    If you buy an artist's CD, they get only a tiny fraction of the money you're shelling out, while the rest goes to record companies who hire lobbyists to try to get bills such as the DMCA and the SSSCA passed. Not exactly the best way to spend one's money.

    A much better solution is to download mp3s and oggs without guilt, and give money directly to artists via fairtunes.org.

  11. Star Control Online (Alpha-2.0) on 40th Anniversary of Video Games · · Score: 1

    http://www.sourceforge.net/projects/lumingl

    Most recently, I've done a Linux port of it, though the windows version is currently much better.

    Enjoy : )

    -Luminescent

  12. Re:Download the Demo from fileplanet.com on Uplink · · Score: 1

    That site crashes my browser, going there... I'm running Galeon, the latest version from debian sid. The same thing happens with Mozilla. Anybody know what's up? Care to post an alternate link?

  13. Who uses .ogg's? on Who'll Be Using Ogg Vorbis Instead Of MP3? · · Score: 1

    DJs. I'll actually be using this software @ a show with The Crystal Method and Hybrid.

  14. Why should Dmitry be freed? on Say Here Why Sklyarov Should Go Free · · Score: 1

    Because jailing him is in direct opposition with the first amendment. Courts have ruled that instructions for building bombs are protected speech. If used for malicious purposes, this information could contribute to acts of terrorism that leave many Americans dead. We already have laws for dealing with murder. We don't need to criminalize the information. To do so, as our founding fathers believed, would be extremely dangerous, as it gives the government too much power. As such, it's still legal to transmit plans for bombs, because of the first amendment. Now consider Dmitry's program. Even if somebody tried to use it as illegally as possible, they wouldn't even come close to causing as much damage as bomb plans would. Perhaps they could transmit a few .pdf files of eBooks to their friends, but they would NOT end human lives. To claim that Dmitry's program, if used for illegal purposes, has the potential to cause more harm than bomb plans is to claim that money is more valuable than life itself. As such, given that courts have consistently ruled that even information, whose potential misuse could lead to death, deserves protection under the first amendment, Dmitry's software also deserves the same protections, as any damage that it might cause is minimal compared to criminal use of bombs. Furthermore, we already have laws covering copyright. If somebody uses Dmitry's program to send copies of some eBook to strangers on the internet, then prosecute them under traditional copyright laws. The DMCA was never needed. Our previous laws were sufficient. Dmitry is not a criminal. Don't let him spend the next 5 years in jail.