Home page logo
/

bugtraq logo Bugtraq mailing list archives

TCP/IP security vulnerability disclosed
From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 01 Apr 2008 08:05:59 -0400

Infiltrated Networks Vulnerability Disclosure
TCP/IP is broken

Overview TCP/IP

Transmission Control Protocol/Internet Protocol is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.

I. Description

TCP/IP uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer.

By disconnecting the client between a connection, the server can no longer reach its destination thus breaking TCP/IP.

II. Impact

A remote or local attacker can unplug an ethernet cable, unplug a switch or router or bring down an interface and disrupt TCP/IP services.

III. Solution

We are currently working to develop and implement a new RFC labeled TCP/IP HOKE - Transmission Control Protocol/Internet Protocol Hamster Operated Kintec Energy.

TCP/IP HOKE will allow hamsters to act as a medium between an end users failed equipment (RJ45, Routers, etal).

http://www.infiltrated.net/spx/HOKE.jpg

It is unnecessary to use relativistic mechanics (the theory of relativity as expounded by Albert Einstein) to calculate the kinetic energy created by little hamsters. We just know that if those fuzzy little rats run fast enough, they can generate enough kinetic energy for a brief duration of time. Long enough perhaps for an end user to replace an ethernet cable, reboot a router, etal.

Systems Affected
Every interconnected computer on the planet.

Credit:
Si4gT3F1ZW5kbyBzaWxAaW5maWx0cmF0ZWQubmV0Cg==

This document was written by an undercaffeinated engineer.
http://www.infiltrated.net/TCP-IP-HOKE.pimp

If you have feedback, comments, or additional information about this vulnerability, please keep them to yourself.


--
====================================================
J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


  By Date           By Thread  

Current thread:
  • TCP/IP security vulnerability disclosed J. Oquendo (Apr 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]