This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available. This is an update to the original release.
e3248ace7a5b9361f7b718d101f566a149375092c32ee63eca3bad0a84efdc31This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.
e3e2ec70ee2040efbdbd9bc976ec570be8d2ff285c3860f57e0e4a9dff455e2fWhitepaper called Covert TCP/IP Network Channels Using Whitenoise Protocol.
0a884201925fc14824d9ab9b415cd303d0223d963086b96507595fa637fb3850Interesting write up discussing DNS cache poisoning then and now.
439676c856aaf8a52705f1a91790ddaba6bee9859565eb539d96d57291cb5b54Whitepaper titled Protocol Hopping Covert Channels - Protocol Hopping Covert Channels (PHCC) are a way to realize covert channels that switch between different protocols while a covert channel is established. PHCCs even can use a randomized protocol order and a mixed packet order to transfer packets what makes them hard to detect.
5e860930cb5e0a371339c0311a86cb658c505870ba95e5089106907f07b049f8Whitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.
85eff0372eb6b927c7f66e8380f04f54c2152fb1202fd191238c82796096ff34ATA over Ethernet (AoE) is an open standards based protocol that allows direct network access to disk drives by client hosts. This paper investigates the insecurities present in the ATA over Ethernet (AoE) protocol and presents some attacks that exploit various vulnerabilities in the protocol.
6f5f1121fa212f6ba378f2274c2af2edfc54295b55f0b7057d7ed3adbec04da9Whitepaper discussing the use and setup of SFTP in the business place.
052c8fbeded90b605ab6795770b8ba0e89ec1e1dae6c1741e49090e771529bb1Full whitepaper by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks.
cfaa0ce13321f28319146cd6d78716b3070bbd92fc6e664a8864fa197b70c817Powerpoint presentation by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks. This presentation was original given at CanSecWest 2004.
4f85642177fadaf502f5453c60487ed284954f6cd7b7bd287b3cc64afdcc4ec0Network Penetration conducted a survey at the start of 2003 to check the status of the United Kingdom's DNS infrastructure. This paper discusses the second run of what was tested, the results, some sample zone transfers, and recommendations.
31dc371eb671d823d16aa2224c769ef3802e82eb0154f61065f3def5701be8f0Paper discussing how the Resource reSerVation Protocol (RSVP) is used within the Subnet Bandwidth Management protocol (RFC 2814) and is vulnerable to allowing a rogue host to hijack control of a server via the use of priority assignment.
a784b06a39d986e6dcbd5f350d4ebbf3f646da4776903e5d2db061756436979fExploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol.
45e9e41b5b3669bd7cdaa1190fc3c1cf452a3ee7911a2a4b07f203f858377e21This paper illustrates how to control server with the UDP protocol. It covers UDP basics, how to spoof datagrams, and gives full source code with explanations. This paper can be used in conjunction with the udp-remote-final.tar.gz package.
3416eee186ecb4a1c7798816bcd5868bc05378accefdc3c5557d1a4fbc71a12aStrange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes cool 3D pictures of the sequence number distribution for several OS's and analyzes the predictability of each. Many OS's have very predictable sequence numbers, allowing non encrypted connections to be spoofed and enabling protocol attacks against encrypted connections.
8386fe49e309794b7189962fc049c48f76491712ae797906588405f871f5b1dcSlides for FX's talk at Defcon 2001 on attacking routing protocols.
68e73b3a5647139ae2a8b7ceb88bc2723866a295c5fdd1b4e948cc7d7e738e78ICMP Usage in Scanning v3.0 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
75cc3f1aca7052c3ce41ac23e57dd34c03d0762e2b433480c810bfd580de6b74Introduction to Arp Spoofing, a method of exploiting the interaction between IP and Ethernet protocols. Includes discussion of switched sniffing, man in the middle attacks, hijacking, cloning, poisoning and more. Describes the operation of ARPoison, Ettercap, and Parasite.
9f31244837a10876290ac89653e0333bb44ed531f895263dacf205244e32560fOpenwall Advisory - Passive Analysis of SSH Traffic. This advisory demonstrates several weaknesses in implementations of SSH protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su(1) and Cisco IOS "enable" passwords. All attacks described in this advisory require the ability to monitor (sniff) network traffic between one or more SSH servers and clients.
bfeb7cdafd8058c9afd04d84449f245f170f6508d8227c5fdcf97b1a9b102c98Passive System Fingerprinting using Network Client Applications - Passive target fingerprinting involves the utilization of network traffic between two hosts by a third system to identify the types of systems being used. Because no data is sent to either system by the monitoring party, detection approaches the impossible. Methods which rely solely on the IP options present in normal traffic are limited in the accuracy about the targets. Further inspection is also needed to determine avenues of vulnerability, as well. We describe a method to rapidly identify target operating systems and version, as well as vectors of attack, based on data sent by client applications. While simplistic, it is robust. The accuracy of this method is also quite high in most cases. Four methods of fingerprinting a system are presented, with sample data provided.
bb873d3148a6748b1b8efd1e392bfed62e1e67e0d048e17472c9f51b415581b9Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in TXT form.
bcd0ca5e08abcf9b92576d7bbdfe79270109a9dc5685889090c874ac94464ac1Advanced Host Detection - Techniques To Validate Host-Connectivity. (PDF) Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
6dddf484c6959f1f4a3b6533132356f04a4ea4c299828360d6ea8137831b6ef4Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
c637cd2c806c90bbcf3e707e1c72035f73fcc09ee0e3815a1797cf12bc6a9636Port Scanning and OS Fingerprinting - In Spanish.
d29a0debb8f1e6c0c65c683ae42886381e2e396da3357cddb29a156f530e67d8This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.
f56cd653e16527b61bea075fcdd9e9bd1e145226aa80c22f2f48ba8f4bdd083a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed