Section: .. / papers / protocols /
| /// File Name: |
gre.pdf.gz |
Description:
|
This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.
| | Author: | FX | | Homepage: | http://www.phenoelit.de | | File Size: | 26711 | | Last Modified: | Dec 23 18:17:50 2000 |
| MD5 Checksum: | 74238e97542ad3e67f91ef9f872afd20 |
|
| /// File Name: |
ICMP_Scanning_v2.5.pdf |
Description:
|
ICMP Usage in Scanning v2.5 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
| | Author: | Ofir Arkin | | Homepage: | http://www.sys-security.com/ | | Changes: | This version introduces a few new OS fingerprinting methods, some of which use ICMP error messages, allowing a remote OS fingerprint even if all the ports are closed. Also a lot of information on ICMP error messages has been added. Also added some snort rules. | | File Size: | 967146 | | Last Modified: | Dec 23 17:51:15 2000 |
| MD5 Checksum: | eacfa193ec4f30313fbc8c46ca890eed |
|
| /// File Name: |
Unverified_Fields_1.0.pdf |
Description:
|
The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today will not authenticate the validity of certain protocol fields within the packet they are processing. The risk is exposure of information, mainly unique patterns of behavior produced by the probed machines answering our crafted queries. Those patterns will help a malicious computer attacker to identify the operating systems in use. Postscript version available here.
| | Author: | Ofir Arkin | | Homepage: | http://www.sys-security.com/archive/papers | | File Size: | 55847 | | Last Modified: | Oct 15 15:36:08 2000 |
| MD5 Checksum: | 1cbb363d9d632889d80b6632248e326e |
|
| /// File Name: |
ICMP_Scanning_v2.01.pdf |
Description:
|
ICMP Usage in Scanning v2.01 - This paper outlines what can be done with the ICMP protocol regarding scanning. The paper deals with plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
| | Author: | Ofir Arkin | | Homepage: | http://www.sys-security.com/ | | Changes: | Quite a large number of new OS fingerprinting methods using ICMP, which I have discovered, are introduced with this revision. Among those methods, some can be used in order to identify Microsoft Windows 2000 machines; one would allow us to distinguish between Microsoft Windows operating system machines and the rest of the world; another would allow us to distinguish between SUN Solaris machines and the rest of the world. More methods are introduced in the paper. | | File Size: | 564826 | | Last Modified: | Sep 13 14:01:45 2000 |
| MD5 Checksum: | 9664f0faa4fbc75852ba09891fb6f8fe |
|
| /// File Name: |
ICMP_Scanning.pdf |
Description:
|
ICMP Usage in Scanning - The Internet Control Message Protocol is one of the most complex protocols in the TCP/IP protocol suite regarding its security hazards. This paper gives very in-depth information, including discussion of all the ICMP types, ICMP sweeps, host detection using ICMP error messages, ACL detection, inverse mapping, OS fingerprinting, filtering ICMP, and much more.
| | Author: | Ofir Arkin | | Homepage: | http://www.sys-security.com/ | | File Size: | 327163 | | Last Modified: | Jul 2 01:36:26 2000 |
| MD5 Checksum: | d51b747831adfbae8a290047e2e0f656 |
|
| /// File Name: |
tacacs.analysis.txt |
Description:
|
This advisory presents an analysis of several vulnerabilities in the TACACS+ protocol. Unfortunately, only some of the vulnerabilities can be fixed without breaking the interoperability. Thus, the main purpose of this advisory is to identify the weaknesses, to allow for a conscious decision to be made on how much trust to place into the encryption offered by TACACS+.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/advisories/ | | File Size: | 13904 | | Last Modified: | Jun 2 16:55:19 2000 |
| MD5 Checksum: | e5a86ca81eae6b5aef909fd7e96bcc4b |
|
| /// File Name: |
anon_email.txt |
Description:
|
The Design, Implementation and Operation of an Email Pseudonym Server - Attacks on servers that provide anonymity generally fall into two categories: attempts to expose anonymous users and attempts to silence them. This paper describes the design, implementation, and operation of nym.alias.net, a server providing untraceable email aliases.
| | Author: | David Mazières and M. Frans Kaashoek | | File Size: | 58457 | | Last Modified: | Apr 4 05:58:06 2000 |
| MD5 Checksum: | faa6f6df7f4dc4c2ae3dfc8883f14559 |
|
| /// File Name: |
whatuneed.txt |
Description:
|
Describes what you need to Spoof/Hijack/Predict sequence numbers. Meant for newbies who don't know what to use to execute those kinds of attacks often seen in TCP/IP Security Documents.
| | Author: | Neonlenz | | Homepage: | http://www.mha1.8m.com | | File Size: | 3562 | | Last Modified: | Feb 24 15:21:25 2000 |
| MD5 Checksum: | 180651521dbb0b5abe9c56ea5fd4231b |
|
| /// File Name: |
tcpflags.txt |
Description:
|
Easy-to-understand text file explaining the TCP flags.
| | Author: | Neonlenz | | Homepage: | http://www.mha1.8m.com | | File Size: | 2641 | | Last Modified: | Feb 23 15:03:27 2000 |
| MD5 Checksum: | 794c3c46b531dda7752d528316528b12 |
|
| /// File Name: |
dnsinfo.htm |
Description:
|
Information on testing your DNS server to see if it is vulnerable to corruption attacks. A lot of services depend on DNS information. Online test for this vulnerability here.
| | Author: | Johannes Erdfelt | | Homepage: | http://www.apostols.org/ | | File Size: | 12952 | | Last Modified: | Feb 16 18:00:24 2000 |
| MD5 Checksum: | e0b0a6af64faeab1e9961ec7104ef20a |
|
| /// File Name: |
lsacc.txt |
Description:
|
Legitimate Sites as Covert Channels: An Extension to the Concept of Reverse HTTP Tunnels. Legitimate sites that allow anonymous posting can be used to covertly send commands to systems behind firewalls.
| | Author: | Errno Jones | | File Size: | 2410 | | Last Modified: | Feb 4 17:44:28 2000 |
| MD5 Checksum: | 3452061a619b6f08adffd4a528c0cf5e |
|
| /// File Name: |
mi008en.htm |
Description:
|
SILENT CARRIERS AND LINK PROTOCOLS - As we all know, "wardialing" is one of the best entertainments for hacking/phreaking lovers. Sometimes this activity makes us desperate due to the usual "login: password:" repetition that appears in nearly every CARRIER. It's also usual to find Carriers that present us with no message... just a "CONNECT xxxxx". These ones are usually very interesting as you will see in this document.
| | Author: | BadreL | | Homepage: | http://hispahack.ccc.de/en/ | | File Size: | 37636 | | Last Modified: | Dec 22 17:29:25 1999 |
| MD5 Checksum: | 0c72c7ac9ae2dd127a007b857ad0968c |
|
| /// File Name: |
mi004en.htm |
Description:
|
DNS Spoofing and Abuse - Lately on bugtraq there have been a number of DNS abuse related posts.
| | Homepage: | http://hispahack.ccc.de/en/ | | File Size: | 17616 | | Last Modified: | Dec 22 17:28:37 1999 |
| MD5 Checksum: | f038c15b2d68c642f88213b0c6035da7 |
|
| /// File Name: |
cookleak.htm |
Description:
|
Since the invention of Web browser cookies by Netscape, the claim has always been made that they are anonymous and cannot be associated with any personal information unless someone provides this information. In this write-up, I will present a technique in which browser cookies can be matched to Email addresses without people's knowledge. The technique relies on a security hole that is present in both Microsoft's Internet Explorer browser and Netscape's Navigator browser. This technique can be used, for example, to allow a banner ad company to associate an Email address with an "anonymous" profile that has been created for a person as they surf the Web.
| | Author: | Richard Smith | | Homepage: | http://www.tiac.net/users/smiths/privacy/ | | File Size: | 8846 | | Last Modified: | Dec 8 20:23:10 1999 |
| MD5 Checksum: | f82c4516188734b8d1b25a7c65c33e7e |
|
| /// File Name: |
masquerading.html.txt |
Description:
|
A simple guide to what IP masquerading is, what it is good for, how to work with it, etc., for newbies to the subject.
| | Author: | Gomorrah | | Homepage: | http://blacksun.box.sk | | File Size: | 11807 | | Last Modified: | Nov 3 16:56:48 1999 |
| MD5 Checksum: | 8f87a9f1f803985e6fa2444f0199b1ef |
|
| /// File Name: |
afs.ps |
Description:
|
Hijacking AFS: A description of security weaknesses in the Andrew File System (AFS)
| | File Size: | 54918 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 231b8143c6fa64e5d3a2dc8cdb755a7d |
|
| /// File Name: |
e2e.ps |
Description:
|
An End-to-End Argument for Network Layer, Inter-Domain Access Controls: A method by which different administrative domains of an internetwork can interconnect without exposing their internal resources to unrestricted access
| | File Size: | 200874 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 7a67e3df55375e47eadf4cb8617dd5ad |
|
| /// File Name: |
ident.txt |
Description:
|
Identification Protocol - RFC 1413: A description of the Identification Protocol, a means to determine the identity of the user of a particular TCP connection
| | File Size: | 16292 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | ced71cd04dc21eda2d2a071d1af8b255 |
|
| /// File Name: |
ipext.ps |
Description:
|
Security Problems in the TCP/IP Protocol Suite: A description of several attacks on TCP/IP protocols including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks
| | File Size: | 107383 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 7760088eaaf06bd48a87127499848369 |
|
| /// File Name: |
nis.ps |
Description:
|
A Unix Network Protocol Security Study: Network Information Service: A discussion of the security weaknesses in the Network Information Service (Yellow Pages) protocol from Sun Microsystems
| | File Size: | 75096 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | d1c3a995192aef9029e88f0ce98e9198 |
|
| /// File Name: |
ntp.ps |
Description:
|
A Security Analysis of the NTP Protocol: A security analysis of the Network Time Protocol (NTP)
| | File Size: | 105949 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 47d35f6c0721a883c3ededccae05c117 |
|
| /// File Name: |
oak93.ps |
Description:
|
Protocol Design for Integrity Protection: A design method for message integrity protection
| | File Size: | 632040 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 274ad8850a86357757873e840315d5df |
|
| /// File Name: |
part1.ps |
Description:
|
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part I
| | File Size: | 342273 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | f683fe32d400b18a701983a1f23bc784 |
|
| /// File Name: |
part2.ps |
Description:
|
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part II
| | File Size: | 447242 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 53dfcbbc015347b2ebae33e54fe40582 |
|
| /// File Name: |
part3.ps |
Description:
|
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part III
| | File Size: | 406587 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 8675c6990f2bad1ea038ffba7a7dccf5 |
|