Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 10:37:15 GMT

TLS / SSLv3 Vulnerability Whitepaper
http://packetstormsecurity.org/files/83306/practicaltls-1130.pdf
http://packetstormsecurity.org/files/83306/TLS-SSLv3-Vulnerability-Whitepaper.html
Tue, 01 Dec 2009 01:58:41 GMT
This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available. This is an update to the original release.

TLS / SSLv3 Vulnerability Explained
http://packetstormsecurity.org/files/82771/practicaltls.pdf
http://packetstormsecurity.org/files/82771/TLS-SSLv3-Vulnerability-Explained.html
Wed, 18 Nov 2009 16:22:10 GMT
This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.

Covert TCP/IP Network Channels Using Whitenoise Protocol
http://packetstormsecurity.org/files/81817/tcp_covert_channels_whitenoise.pdf
http://packetstormsecurity.org/files/81817/Covert-TCP-IP-Network-Channels-Using-Whitenoise-Protocol.html
Mon, 05 Oct 2009 23:52:37 GMT
Whitepaper called Covert TCP/IP Network Channels Using Whitenoise Protocol.

dns-writeup.txt
http://packetstormsecurity.org/files/68413/dns-writeup.txt
http://packetstormsecurity.org/files/68413/dns-writeup.txt.html
Wed, 23 Jul 2008 00:57:32 GMT
Interesting write-up discussing DNS cache poisoning then and now.

protocolhopping.txt
http://packetstormsecurity.org/files/60881/protocolhopping.txt
http://packetstormsecurity.org/files/60881/protocolhopping.txt.html
Wed, 14 Nov 2007 02:10:46 GMT
Whitepaper titled Protocol Hopping Covert Channels - Protocol Hopping Covert Channels (PHCC) are a way to realize covert channels that switch between different protocols while a covert channel is established. PHCCs can even use a randomized protocol order and a mixed packet order to transfer packets, which makes them hard to detect.

WAFUTFF.pdf
http://packetstormsecurity.org/files/59062/WAFUTFF.pdf
http://packetstormsecurity.org/files/59062/WAFUTFF.pdf.html
Wed, 05 Sep 2007 04:45:10 GMT
Whitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.

Insecurities_in_AoE.pdf
http://packetstormsecurity.org/files/50515/Insecurities_in_AoE.pdf
http://packetstormsecurity.org/files/50515/Insecurities_in_AoE.pdf.html
Tue, 03 Oct 2006 23:48:10 GMT
ATA over Ethernet (AoE) is an open standards based protocol that allows direct network access to disk drives by client hosts. This paper investigates the insecurities present in the ATA over Ethernet (AoE) protocol and presents some attacks that exploit various vulnerabilities in the protocol.

SFTPtutorial.html
http://packetstormsecurity.org/files/36851/SFTPtutorial.html
http://packetstormsecurity.org/files/36851/SFTPtutorial.html.html
Tue, 29 Mar 2005 06:36:44 GMT
Whitepaper discussing the use and setup of SFTP in the business place.

SlippingInTheWindow_v1.0.doc
http://packetstormsecurity.org/files/33170/SlippingInTheWindow_v1.0.doc
http://packetstormsecurity.org/files/33170/SlippingInTheWindow_v1.0.doc.html
Fri, 23 Apr 2004 23:20:53 GMT
Full whitepaper by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks.

SlippingInTheWindow_v1.0.ppt
http://packetstormsecurity.org/files/33169/SlippingInTheWindow_v1.0.ppt
http://packetstormsecurity.org/files/33169/SlippingInTheWindow_v1.0.ppt.html
Fri, 23 Apr 2004 23:19:40 GMT
PowerPoint presentation by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks. This presentation was originally given at CanSecWest 2004.

UKdnsTest.txt
http://packetstormsecurity.org/files/31826/UKdnsTest.txt
http://packetstormsecurity.org/files/31826/UKdnsTest.txt.html
Thu, 16 Oct 2003 06:13:58 GMT
Network Penetration conducted a survey at the start of 2003 to check the status of the United Kingdom's DNS infrastructure. This paper discusses the second run of what was tested, the results, some sample zone transfers, and recommendations.

SMB-RSVP.txt
http://packetstormsecurity.org/files/31545/SMB-RSVP.txt
http://packetstormsecurity.org/files/31545/SMB-RSVP.txt.html
Wed, 13 Aug 2003 01:37:00 GMT
Paper discussing how the Resource reSerVation Protocol (RSVP) is used within the Subnet Bandwidth Management protocol (RFC 2814) and is vulnerable to allowing a rogue host to hijack control of a server via the use of priority assignment.

covert_paper.txt
http://packetstormsecurity.org/files/31251/covert_paper.txt
http://packetstormsecurity.org/files/31251/covert_paper.txt.html
Sat, 21 Jun 2003 22:40:30 GMT
Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol.

UDPRemoteControls.txt
http://packetstormsecurity.org/files/30997/UDPRemoteControls.txt
http://packetstormsecurity.org/files/30997/UDPRemoteControls.txt.html
Sun, 06 Apr 2003 01:59:36 GMT
This paper illustrates how to control a server with the UDP protocol. It covers UDP basics, how to spoof datagrams, and gives full source code with explanations. This paper can be used in conjunction with the udp-remote-final.tar.gz package.

newtcp.htm
http://packetstormsecurity.org/files/29618/newtcp.htm
http://packetstormsecurity.org/files/29618/newtcp.htm.html
Wed, 11 Sep 2002 22:48:22 GMT
Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes cool 3D pictures of the sequence number distribution for several OS's and analyzes the predictability of each. Many OS's have very predictable sequence numbers, allowing non-encrypted connections to be spoofed and enabling protocol attacks against encrypted connections.

routing.pdf
http://packetstormsecurity.org/files/25038/routing.pdf
http://packetstormsecurity.org/files/25038/routing.pdf.html
Sat, 21 Jul 2001 04:32:20 GMT
Slides for FX's talk at Defcon 2001 on attacking routing protocols.

ICMP_Scanning_v3.0.zip
http://packetstormsecurity.org/files/24928/ICMP_Scanning_v3.0.zip
http://packetstormsecurity.org/files/24928/ICMP_Scanning_v3.0.zip.html
Tue, 05 Jun 2001 19:17:34 GMT
ICMP Usage in Scanning v3.0 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.

intro_to_arp_spoofing.pdf
http://packetstormsecurity.org/files/24766/intro_to_arp_spoofing.pdf
http://packetstormsecurity.org/files/24766/intro_to_arp_spoofing.pdf.html
Mon, 30 Apr 2001 17:45:22 GMT
Introduction to Arp Spoofing, a method of exploiting the interaction between IP and Ethernet protocols. Includes discussion of switched sniffing, man in the middle attacks, hijacking, cloning, poisoning and more. Describes the operation of ARPoison, Ettercap, and Parasite.

OW-003-ssh-traffic-analysis.txt
http://packetstormsecurity.org/files/24511/OW-003-ssh-traffic-analysis.txt
http://packetstormsecurity.org/files/24511/OW-003-ssh-traffic-analysis.txt.html
Mon, 19 Mar 2001 22:46:08 GMT
Openwall Advisory - Passive Analysis of SSH Traffic. This advisory demonstrates several weaknesses in implementations of SSH protocols.
When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su(1) and Cisco IOS "enable" passwords. All attacks described in this advisory require the ability to monitor (sniff) network traffic between one or more SSH servers and clients.

passive.pdf
http://packetstormsecurity.org/files/24091/passive.pdf
http://packetstormsecurity.org/files/24091/passive.pdf.html
Thu, 18 Jan 2001 01:42:19 GMT
Passive System Fingerprinting using Network Client Applications - Passive target fingerprinting involves the utilization of network traffic between two hosts by a third system to identify the types of systems being used. Because no data is sent to either system by the monitoring party, detection approaches the impossible. Methods which rely solely on the IP options present in normal traffic are limited in the accuracy about the targets. Further inspection is also needed to determine avenues of vulnerability, as well. We describe a method to rapidly identify target operating systems and version, as well as vectors of attack, based on data sent by client applications. While simplistic, it is robust. The accuracy of this method is also quite high in most cases. Four methods of fingerprinting a system are presented, with sample data provided.

host-detection.doc
http://packetstormsecurity.org/files/24081/host-detection.doc
http://packetstormsecurity.org/files/24081/host-detection.doc.html
Mon, 15 Jan 2001 21:21:59 GMT
Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment.
Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in TXT form.

host-detection.pdf
http://packetstormsecurity.org/files/24080/host-detection.pdf
http://packetstormsecurity.org/files/24080/host-detection.pdf.html
Mon, 15 Jan 2001 21:19:41 GMT
Advanced Host Detection - Techniques To Validate Host-Connectivity. (PDF) Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.

host-detection.txt
http://packetstormsecurity.org/files/24079/host-detection.txt
http://packetstormsecurity.org/files/24079/host-detection.txt.html
Mon, 15 Jan 2001 21:17:57 GMT
Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.

analisis-remoto-de-sistemas.txt
http://packetstormsecurity.org/files/24052/analisis-remoto-de-sistemas.txt
http://packetstormsecurity.org/files/24052/analisis-remoto-de-sistemas.txt.html
Sat, 13 Jan 2001 00:18:26 GMT
Port Scanning and OS Fingerprinting - In Spanish.

gre.pdf.gz
http://packetstormsecurity.org/files/23926/gre.pdf.gz
http://packetstormsecurity.org/files/23926/gre.pdf.gz.html
Sat, 23 Dec 2000 23:17:50 GMT
This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.