This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available. This is an update to the original release.
c5beb910e8fe191ec7d383166a44716cThis paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.
8c7187ef4886ebc3a72ea1e852e95794Whitepaper called Covert TCP/IP Network Channels Using Whitenoise Protocol.
e6bb7832d41723e763bd717dfaec0c82Interesting write up discussing DNS cache poisoning then and now.
a0d975e9261838a800c2ee206625f579Whitepaper titled Protocol Hopping Covert Channels - Protocol Hopping Covert Channels (PHCC) are a way to realize covert channels that switch between different protocols while a covert channel is established. PHCCs even can use a randomized protocol order and a mixed packet order to transfer packets what makes them hard to detect.
5d320776e626989ea1b25f67aac58b25Whitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.
add66aa7259bcf872fdab3c30ab0c06dATA over Ethernet (AoE) is an open standards based protocol that allows direct network access to disk drives by client hosts. This paper investigates the insecurities present in the ATA over Ethernet (AoE) protocol and presents some attacks that exploit various vulnerabilities in the protocol.
88b59f8845764d6106e7c2427f76b9c8Whitepaper discussing the use and setup of SFTP in the business place.
8126602bfbde02e90f2613928dbd6078Full whitepaper by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks.
b26f786303bd4a9d222a70a397a82501Powerpoint presentation by Paul (Tony) Watson entitled Slipping in the Window: TCP Reset Attacks. This presentation was original given at CanSecWest 2004.
a1b0b84aa9945d244882a533e78ee295Network Penetration conducted a survey at the start of 2003 to check the status of the United Kingdom's DNS infrastructure. This paper discusses the second run of what was tested, the results, some sample zone transfers, and recommendations.
7841d7b80b30c00c25fb3d7f0498b3fbPaper discussing how the Resource reSerVation Protocol (RSVP) is used within the Subnet Bandwidth Management protocol (RFC 2814) and is vulnerable to allowing a rogue host to hijack control of a server via the use of priority assignment.
8ba022f0018a7724e3cbbb169de22180Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol.
4536af34036f3ee2b3439ad7b5e85b8bThis paper illustrates how to control server with the UDP protocol. It covers UDP basics, how to spoof datagrams, and gives full source code with explanations. This paper can be used in conjunction with the udp-remote-final.tar.gz package.
2f58a7be9b71e80ca6a744a64e0a5e55Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes cool 3D pictures of the sequence number distribution for several OS's and analyzes the predictability of each. Many OS's have very predictable sequence numbers, allowing non encrypted connections to be spoofed and enabling protocol attacks against encrypted connections.
010445ebec5632199f8b278f617c32ceSlides for FX's talk at Defcon 2001 on attacking routing protocols.
19dd51ca67fffec971b4c19caeb2e365ICMP Usage in Scanning v3.0 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.
f60a05e7802e4364c022896d78730665Introduction to Arp Spoofing, a method of exploiting the interaction between IP and Ethernet protocols. Includes discussion of switched sniffing, man in the middle attacks, hijacking, cloning, poisoning and more. Describes the operation of ARPoison, Ettercap, and Parasite.
d6e4ccb58a50fb399854112178df5955Openwall Advisory - Passive Analysis of SSH Traffic. This advisory demonstrates several weaknesses in implementations of SSH protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su(1) and Cisco IOS "enable" passwords. All attacks described in this advisory require the ability to monitor (sniff) network traffic between one or more SSH servers and clients.
a6971bfa7f65f86bca364b3a8b03a734Passive System Fingerprinting using Network Client Applications - Passive target fingerprinting involves the utilization of network traffic between two hosts by a third system to identify the types of systems being used. Because no data is sent to either system by the monitoring party, detection approaches the impossible. Methods which rely solely on the IP options present in normal traffic are limited in the accuracy about the targets. Further inspection is also needed to determine avenues of vulnerability, as well. We describe a method to rapidly identify target operating systems and version, as well as vectors of attack, based on data sent by client applications. While simplistic, it is robust. The accuracy of this method is also quite high in most cases. Four methods of fingerprinting a system are presented, with sample data provided.
b224cd7181e63bc377c194bc105fe9c7Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in TXT form.
938010bc0d9b99eb9b35830b0f7a13e7Advanced Host Detection - Techniques To Validate Host-Connectivity. (PDF) Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
2866b8e06c2e023af6d2353b6ac6c628Advanced Host Detection - Techniques To Validate Host-Connectivity. Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. Also available in DOC form.
29e1aa57dd7594aeb700b3e563f4579aPort Scanning and OS Fingerprinting - In Spanish.
b4d894cbc192bce67cd91bc869bb0807This paper describes a possible way to attack hosts with RFC1918 IP addresses behind GRE Tunnels over the Internet.
74238e97542ad3e67f91ef9f872afd20
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed