Section: .. / papers / protocols /
| /// File Name: |
newtcp.htm |
Description:
|
Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes cool 3D pictures of the sequence number distribution for several OS's and analyzes the predictability of each. Many OS's have very predictable sequence numbers, allowing non-encrypted connections to be spoofed and enabling protocol attacks against encrypted connections.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/newtcp | | File Size: | 33449 | | Last Modified: | Sep 11 18:48:22 2002 |
| MD5 Checksum: | 010445ebec5632199f8b278f617c32ce |
|
| /// File Name: |
nis.ps |
Description:
|
A Unix Network Protocol Security Study: Network Information Service: A discussion of the security weaknesses in the Network Information Service (Yellow Pages) protocol from Sun Microsystems
| | File Size: | 75096 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | d1c3a995192aef9029e88f0ce98e9198 |
|
| /// File Name: |
ntp.ps |
Description:
|
A Security Analysis of the NTP Protocol: A security analysis of the Network Time Protocol (NTP)
| | File Size: | 105949 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 47d35f6c0721a883c3ededccae05c117 |
|
| /// File Name: |
oak93.ps |
Description:
|
Protocol Design for Integrity Protection: A design method for message integrity protection
| | File Size: | 632040 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 274ad8850a86357757873e840315d5df |
|
| /// File Name: |
OW-003-ssh-traffic-analysis.txt |
Description:
|
Openwall Advisory - Passive Analysis of SSH Traffic. This advisory demonstrates several weaknesses in implementations of SSH protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su(1) and Cisco IOS "enable" passwords. All attacks described in this advisory require the ability to monitor (sniff) network traffic between one or more SSH servers and clients.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | File Size: | 39118 | | Last Modified: | Mar 19 17:46:08 2001 |
| MD5 Checksum: | a6971bfa7f65f86bca364b3a8b03a734 |
|
| /// File Name: |
part1.ps |
Description:
|
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part I
| | File Size: | 342273 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | f683fe32d400b18a701983a1f23bc784 |
|
| /// File Name: |
part2.ps |
Description:
|
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part II
| | File Size: | 447242 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 53dfcbbc015347b2ebae33e54fe40582 |
|
| /// File Name: |
part3.ps |
Description:
|
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part III
| | File Size: | 406587 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 8675c6990f2bad1ea038ffba7a7dccf5 |
|
| /// File Name: |
passive.pdf |
Description:
|
Passive System Fingerprinting using Network Client Applications - Passive target fingerprinting involves the utilization of network traffic between two hosts by a third system to identify the types of systems being used. Because no data is sent to either system by the monitoring party, detection approaches the impossible. Methods which rely solely on the IP options present in normal traffic are limited in the accuracy about the targets. Further inspection is also needed to determine avenues of vulnerability, as well. We describe a method to rapidly identify target operating systems and version, as well as vectors of attack, based on data sent by client applications. While simplistic, it is robust. The accuracy of this method is also quite high in most cases. Four methods of fingerprinting a system are presented, with sample data provided.
| | Author: | Jose Nazario | | Homepage: | http://www.crimelabs.net | | File Size: | 223084 | | Last Modified: | Jan 17 20:42:19 2001 |
| MD5 Checksum: | b224cd7181e63bc377c194bc105fe9c7 |
|
| /// File Name: |
pem.ps |
Description:
|
Privacy-Enhanced Electronic Mail: A description of the Internet Privacy-Enhanced Mail protocols
| | File Size: | 219460 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 48aa992a086de731454bfdf7fb552477 |
|
| /// File Name: |
portscan.pdf |
Description:
|
Examining port scan methods - Analyzing Audible Techniques. This paper attempts to enumerate a variety of ways to discover and map internal/external networks using signature-based packet replies and known protocol responses when scanning. Specifically, this document presents all known techniques used to determine open/closed ports on a host and ways an attacker may identify the network services running on arbitrary servers. Text version available here.
| | Author: | Dethy | | Homepage: | http://www.synnergy.net | | File Size: | 67383 | | Last Modified: | Jan 5 03:26:29 2001 |
| MD5 Checksum: | aa639e684a8e7913186faa5b0f7081b9 |
|
| /// File Name: |
portscan.txt |
Description:
|
Examining port scan methods - Analyzing Audible Techniques. This paper attempts to enumerate a variety of ways to discover and map internal/external networks using signature-based packet replies and known protocol responses when scanning. Specifically, this document presents all known techniques used to determine open/closed ports on a host and ways an attacker may identify the network services running on arbitrary servers.
| | Author: | Dethy | | Homepage: | http://www.synnergy.net | | File Size: | 32573 | | Last Modified: | Jan 5 03:24:32 2001 |
| MD5 Checksum: | 4608dc43a219fc1243b13e3e1ca6f75d |
|
| /// File Name: |
protocolhopping.txt |
Description:
|
Whitepaper titled Protocol Hopping Covert Channels - Protocol Hopping Covert Channels (PHCC) are a way to realize covert channels that switch between different protocols while a covert channel is established. PHCCs can even use a randomized protocol order and a mixed packet order to transfer packets, which makes them hard to detect.
| | Author: | Steffen Wendzel | | Homepage: | http://doomed-reality.org/?sub=research&ssub=phcc_res | | Related Exploit: | phcct-0.1.tgz | | File Size: | 8097 | | Last Modified: | Nov 13 21:10:46 2007 |
| MD5 Checksum: | 5d320776e626989ea1b25f67aac58b25 |
|
| /// File Name: |
routing.pdf |
Description:
|
Slides for FX's talk at Defcon 2001 on attacking routing protocols.
| | Author: | FX | | Homepage: | http://www.phenoelit.de | | File Size: | 879369 | | Last Modified: | Jul 21 00:32:20 2001 |
| MD5 Checksum: | 19dd51ca67fffec971b4c19caeb2e365 |
|
| /// File Name: |
SFTPtutorial.html |
Description:
|
Whitepaper discussing the use and setup of SFTP in the business place.
| | Author: | John K. Norden | | File Size: | 9086 | | Last Modified: | Mar 29 01:36:44 2005 |
| MD5 Checksum: | 8126602bfbde02e90f2613928dbd6078 |
|
| /// File Name: |
SMB-RSVP.txt |
Description:
|
Paper discussing how the Resource reSerVation Protocol (RSVP) is used within the Subnet Bandwidth Management protocol (RFC 2814) and is vulnerable to allowing a rogue host to hijack control of a server via the use of priority assignment.
| | Author: | STE Jones | | Homepage: | http://www.networkpenetration.com | | File Size: | 8652 | | Last Modified: | Aug 12 21:37:00 2003 |
| MD5 Checksum: | 8ba022f0018a7724e3cbbb169de22180 |
|
| /// File Name: |
tacacs.analysis.txt |
Description:
|
This advisory presents an analysis of several vulnerabilities in the TACACS+ protocol. Unfortunately, only some of the vulnerabilities can be fixed without breaking the interoperability. Thus, the main purpose of this advisory is to identify the weaknesses, to allow for a conscious decision to be made on how much trust to place into the encryption offered by TACACS+.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/advisories/ | | File Size: | 13904 | | Last Modified: | Jun 2 16:55:19 2000 |
| MD5 Checksum: | e5a86ca81eae6b5aef909fd7e96bcc4b |
|
| /// File Name: |
tcp.ps |
Description:
|
A Weakness in the 4.2BSD TCP/IP Software: A description of a security weakness of the TCP/IP protocol suite as implemented in 4.2BSD UNIX
| | File Size: | 27041 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | d598165b645dfb2897a5f66f68a1abcf |
|
| /// File Name: |
tcpflags.txt |
Description:
|
Easy to understand text file explaining the TCP flags.
| | Author: | Neonlenz | | Homepage: | http://www.mha1.8m.com | | File Size: | 2641 | | Last Modified: | Feb 23 15:03:27 2000 |
| MD5 Checksum: | 794c3c46b531dda7752d528316528b12 |
|
| /// File Name: |
time.ps |
Description:
|
Security Analyses of Network Time Services: An analysis of the security requirements for a network time service
| | File Size: | 134578 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 7c63072407558b828237270604d4f5d5 |
|
| /// File Name: |
transit.ps |
Description:
|
Secure Control of Transit Internetwork Traffic: Methods for controlling traffic traversing a local network on its way from one remote network to another
| | File Size: | 489243 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | ffddd9cdf5b42b4067663ed0dd4b573c |
|
| /// File Name: |
UDPRemoteControls.txt |
Description:
|
This paper illustrates how to control a server with the UDP protocol. It covers UDP basics, how to spoof datagrams, and gives full source code with explanations. This paper can be used in conjunction with the udp-remote-final.tar.gz package.
| | Author: | Angelo Rosiello | | File Size: | 16544 | | Last Modified: | Apr 5 20:59:36 2003 |
| MD5 Checksum: | 2f58a7be9b71e80ca6a744a64e0a5e55 |
|
| /// File Name: |
UDPRemoteControls.txt~ |
Description:
|
Unavailable.
| | File Size: | 16565 | | Last Modified: | Apr 5 20:58:23 2003 |
| MD5 Checksum: | 2f58a7be9b71e80ca6a744a64e0a5e55 |
|