Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: TCP/IP security vulnerability disclosed

TCP/IP security vulnerability disclosed

From: J. Oquendo <sil_at_infiltrated.net>
Date: Tue, 01 Apr 2008 08:05:59 -0400

Infiltrated Networks Vulnerability Disclosure
TCP/IP is broken

Overview TCP/IP

Transmission Control Protocol/Internet Protocol is the basic
communication language or protocol of the Internet. It can also be used
as a communications protocol in a private network (either an intranet or
an extranet). When you are set up with direct access to the Internet,
your computer is provided with a copy of the TCP/IP program just as
every other computer that you may send messages to or get information
from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control
Protocol, manages the assembling of a message or file into smaller
packets that are transmitted over the Internet and received by a TCP
layer that reassembles the packets into the original message. The lower
layer, Internet Protocol, handles the address part of each packet so
that it gets to the right destination. Each gateway computer on the
network checks this address to see where to forward the message. Even
though some packets from the same message are routed differently than
others, they'll be reassembled at the destination.

I. Description

TCP/IP uses the client/server model of communication in which a computer
user (a client) requests and is provided a service (such as sending a
Web page) by another computer (a server) in the network. TCP/IP
communication is primarily point-to-point, meaning each communication is
from one point (or host computer) in the network to another point or
host computer.

By disconnecting the client between a connection, the server can no
longer reach its destination thus breaking TCP/IP.

II. Impact

A remote or local attacker can unplug an ethernet cable, unplug a switch
or router or bring down an interface and disrupt TCP/IP services.

III. Solution

We are currently working to develop and implement a new RFC labeled
TCP/IP HOKE - Transmission Control Protocol/Internet Protocol Hamster
Operated Kintec Energy.

TCP/IP HOKE will allow hamsters to act as a medium between an end users
failed equipment (RJ45, Routers, etal).

http://www.infiltrated.net/spx/HOKE.jpg

It is unnecessary to use relativistic mechanics (the theory of
relativity as expounded by Albert Einstein) to calculate the kinetic
energy created by little hamsters. We just know that if those fuzzy
little rats run fast enough, they can generate enough kinetic energy for
a brief duration of time. Long enough perhaps for an end user to replace
an ethernet cable, reboot a router, etal.

Systems Affected
Every interconnected computer on the planet.

Credit:
Si4gT3F1ZW5kbyBzaWxAaW5maWx0cmF0ZWQubmV0Cg==

This document was written by an undercaffeinated engineer.
http://www.infiltrated.net/TCP-IP-HOKE.pimp

If you have feedback, comments, or additional information about this
vulnerability, please keep them to yourself. 

-- 
====================================================
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB

Received on Apr 01 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]